mbam-log-6-22-2008/SUPERAntiSpyware Scan Log [RESOLVED]


#1 gripgrizzly

Malwarebytes' Anti-Malware 1.17
Database version: 846

8:42:13 AM 6/22/2008
mbam-log-6-22-2008 (08-41-45).txt

Scan type: Quick Scan
Objects scanned: 43106
Time elapsed: 47 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 33
Registry Values Infected: 11
Registry Data Items Infected: 3
Folders Infected: 5
Files Infected: 69

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ssqRLCsP.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcBTmki.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\Explorer.006 (Heuristics.Reserved.Word.Exploit) -> Unloaded module successfully.
C:\WINDOWS\system32\Explorer.007 (Heuristics.Reserved.Word.Exploit) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdff8461-80d8-4e3c-a26e-a2daa98d4fad} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{cdff8461-80d8-4e3c-a26e-a2daa98d4fad} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\0bb69e0c8f7404d4b92477b0f0bd1845 (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\0bb69e0c8f7404d4b92477b0f0bd1845 (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70b04ea5347940b4393bd61ea7c52133 (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb2_04 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usb2_04 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb2_04 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e25ee903-37eb-467b-b1f0-f71063f6b8c8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e25ee903-37eb-467b-b1f0-f71063f6b8c8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbtmki (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{de8ebd26-cb27-46dd-b561-fc482572ad70} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7d814b5c-6ed3-45cb-b65b-143611ca1b15} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\runtime (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7894640e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7ba75792 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e25ee903-37eb-467b-b1f0-f71063f6b8c8} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrlcsp -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqrlcsp -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\Program Files\DivoCodec (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\adcwfanv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vnafwcda.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blbprxhs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shxrpblb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjmtuhao.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oahutmjj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nbbxbuwe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewubxbbn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pgpbxosr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rsoxbpgp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qibmqffk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kffqmbiq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhmuneoh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoenumhr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpjqugsc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csguqjpr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRLCsP.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\PsCLRqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PsCLRqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tcstbjmw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmjbtsct.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vipwboll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llobwpiv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll (Adware.Softomate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xkymqvcb.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\nkv2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1953.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\11.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\13.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\18.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\1A.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\1E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\1F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\215.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\27.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\2A.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\33.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\E.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Application Data\ErrorKiller\Log\2007 Dec 09 - 02_59_13 PM_812.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\ErrorKiller\Log\2007 Dec 09 - 02_59_16 PM_312.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\ErrorKiller\Registry Backups\2007-12-08_20-27-26.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\ErrorKiller\Registry Backups\2007-12-09_02-33-47.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\ErrorKiller\Registry Backups\2007-12-09_15-07-20.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Explorer.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\WinData.cab (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinNt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llmcnwxo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\WLCtrl32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcBTmki.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xxyvttTK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqOIbBq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjjedkie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\31.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\3_exception.nls (Trojan.Tibs) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer.001 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\explorer.002 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\explorer.005 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer.006 (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Explorer.007 (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
=================================================================

SUPERAntiSpyware Scan Log
Generated 06/22/2008 at 03:15 PM

Application Version : 3.6.1000

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 06:22:10

Memory items scanned : 400
Memory threats detected : 0
Registry items scanned : 9230
Registry threats detected : 9
File items scanned : 105275
File threats detected : 85

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{9C8A568E-4201-478a-8536-526CF371D2E2}
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\InprocServer32
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\InprocServer32#ThreadingModel
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\ProgID
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\Programmable
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\TypeLib
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\NSOED.DLL

Adware.WsnPoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\wsnpoem

Trojan.Downloader-Gen/MultiBot
C:\DOCUMENTS AND SETTINGS\HP_OWNER\DESKTOP\GAMES\(14)\NEBULACONFIG.EXE
C:\DOCUMENTS AND SETTINGS\HP_OWNER\DESKTOP\GAMES\(14)\NEBULANET.EXE

Adware.Lop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP22\A0008238.EXE

Rootkit.RunTime3/FutureGen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0011270.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014329.SYS

Trojan.LanMan/Rootkit
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014285.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014335.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014372.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014385.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0014923.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0015766.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0015787.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP27\A0016790.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP28\A0016859.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0017067.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP31\A0017163.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018067.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0018372.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0019344.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0019425.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020425.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020507.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP34\A0020601.SYS

Adware.AdRotator/AdsSite
C:\WINDOWS\SYSTEM32\ADSSITE-REMOVE.EXE

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\system@2o7[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adlegend[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adrevolver[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adultfriendfinder[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@advertising[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@apmebf[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@bizrate[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@bluestreak[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@dealtime[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@enhancementadvice[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@eyewonder[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@fastclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@indextools[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@interclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@linksynergy[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@lynxtrack[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@mediaplex[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@mediatraffic[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@nextag[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@overture[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@partner2profit[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@precisionclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@questionmarket[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@realmedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@revsci[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@specificclick[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@statcounter[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@tacoda[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@trafficmp[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@tribalfusion[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[2].txt
================================================================

;*******************************************************************************************
ANALYSIS: 2008-06-22 23:13:58
PROTECTIONS: 0
MALWARE: 79
SUSPECTS: 2
;*******************************************************************************************
PROTECTIONS
Description Version Active Updated
;===========================================================================================
;===========================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===========================================================================================
00035917 adware/ist.sidefind Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind
00042191 adware/ist.yoursitebar Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\yoursitebar
00047993 adware/powerscan Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\power scan
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.casalemedia.com/]
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0027516.exe[²ƒÇ]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.clickbank.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.xiti.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.azjmp.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[www.burstbeacon.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[server.iad.liveperson.net/hc/2500496]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.bravenet.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adultfriendfinder.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.target.com/]
00259819 Application/Ardamax HackTools No 0 Yes No C:\Program Files\GetData\Recover My Files\RecoverMyFiles.exe
00259819 Application/Ardamax HackTools No 0 Yes No C:\Documents and Settings\HP_Owner\Desktop\iphone tools\Recover My Files 3.98 Build 5178 + serial\RecoverMyFiles.exe
00292419 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP19\A0005967.exe
00292419 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP19\A0005968.exe
00519333 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0027516.exe
00524993 Trj/Downloader.ODN Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP19\A0005969.dll
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0027513.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0027513.exe[327882R2FWJFW\nircmd.cfexe]
01343147 Application/MyWay HackTools No 0 Yes No C:\hp\bin\wbug\HPSummer2005.exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adserver.easyad.info/]
01692556 Application/ScanSpyware HackTools No 0 Yes No C:\Program Files\ScanSpyware v3.8\baBackupRestore.dll
01692557 Application/ScanSpyware HackTools No 0 Yes No C:\Program Files\ScanSpyware v3.8\Scanner.exe
02812218 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014307.dll
02887798 Rootkit/Agent.HML Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018203.sys
02887798 Rootkit/Agent.HML Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020566.sys
02887798 Rootkit/Agent.HML Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP28\A0016800.sys
02888356 Adware/Lop Adware No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\onlinethirdsetup\jgnsewdk.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP31\A0017162.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018129.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020501.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020513.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\WINDOWS\system32\drivers\govno.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020514.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP34\A0020600.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018128.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP31\A0017161.exe
02900272 Trj/Agent.IAB Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0013271.dll
02900272 Trj

#2
sage5 (RIP 10/2009; Retired Staff, 2,646 posts)
Hi gripgrizzly,

Welcome to Geeks to Go!
I am sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
SDFix
VundoFix.exe
Deckard's System Scanner


Run SDFix:
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved as C:\SDFix\Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).


Run VundoFix.exe:
  • Double-click VundoFix.exe to run it.
  • When VundoFix opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.

    Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
  • C:\vundofix.txt
  • C:\SDFix\Report.txt
in your next reply.



The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.


Cheers,

sage5
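
sage5 asks for a new HijackThis log in the reply. The script below is an added example from the editor, not code from this thread, from Geeks to Go or from HijackThis itself: it runs a handful of triage rules over HijackThis-format lines and flags the entry types that matter on a machine like this one (a UserInit chain that launches a second executable, a BHO whose only name is its CLSID, rundll32 autoruns that load a system32 DLL through a one-letter export, Winlogon Notify packages and services whose path is a bare C:\WINDOWS\ or whose owner is unknown). The rule names, thresholds and the Program Files allow-list are the editor's assumptions; the sample lines are copied from the HijackThis log gripgrizzly posts later in this thread.

```python
"""Triage rules for HijackThis (v2.0.2) log lines (editor's example, not code
from this thread or from HijackThis; every rule is a screening heuristic)."""
import re

# Constructed sample: entries copied from gripgrizzly's HijackThis log, plus a
# few known-good lines (Google, QuickTime, SUPERAntiSpyware, Bonjour) to ignore.
SAMPLE_LOG = [
    "F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,",
    "O2 - BHO: {854419e7-a3cf-ec0b-1074-7d3250c74367} - {76347c05-23d7-4701-b0ce-fc3a7e914458} - C:\\WINDOWS\\system32\\hqukeiri.dll",
    "O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar4.dll",
    'O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\QTTask.exe" -atboottime',
    'O4 - HKLM\\..\\Run: [BM7ba75792] Rundll32.exe "C:\\WINDOWS\\system32\\nekecwbb.dll",s',
    'O4 - HKLM\\..\\Run: [7894640e] rundll32.exe "C:\\WINDOWS\\system32\\rhgxsbdb.dll",b',
    "O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll",
    "O20 - Winlogon Notify: ddcBTmki - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: WinCtrl32 - C:\\WINDOWS\\SYSTEM32\\WinCtrl32.dll",
    "O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe",
    "O23 - Service: COM+ System Application COMSysAppsrservice (COMSysAppsrservice) - Unknown owner - C:\\WINDOWS\\",
    "O23 - Service: IPSEC Services PolicyAgentSENS (PolicyAgentSENS) - Unknown owner - C:\\WINDOWS\\",
]

USERINIT_OK = "c:\\windows\\system32\\userinit.exe"  # the only legitimate UserInit entry on XP
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - <rest>"
O4_RE = re.compile(r"^HK.*?\\Run: \[([^\]]*)\] (.*)$")      # "HKLM\..\Run: [key] <cmd>"
RUNDLL_RE = re.compile(r'^\s*"?rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\w*)', re.I)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)

def bare_dir(path):
    """True when the path names a directory only, e.g. 'C:\\WINDOWS\\'."""
    return path.strip().endswith("\\")

def check_f2(rest):
    """UserInit=<comma list>: anything after userinit.exe is a logon hijack."""
    m = re.search(r"UserInit=(.*)$", rest, re.I)
    if not m:
        return None
    extra = [p.strip() for p in m.group(1).split(",")
             if p.strip() and p.strip().lower() != USERINIT_OK]
    return f"UserInit chain also launches {', '.join(extra)}" if extra else None

def check_o2(rest):
    """BHO: <name> - {CLSID} - <path>: a BHO whose only name is a GUID is suspect."""
    parts = rest.split(" - ")
    if len(parts) < 3 or not parts[0].startswith("BHO: "):
        return None
    name, path = parts[0][5:].strip(), parts[-1].strip()
    if GUID_RE.match(name) and path.lower().endswith(".dll"):
        return f"BHO has no name, only a GUID, and loads {path}"
    return None

def check_o4(rest):
    """Run key: rundll32 loading a system32 DLL through a 1-2 letter export."""
    m = O4_RE.match(rest)
    if not m:
        return None
    key, cmd = m.groups()
    dm = RUNDLL_RE.match(cmd)
    if dm and "\\system32\\" in dm.group(1).lower() and len(dm.group(2)) <= 2:
        return f"rundll32 autorun [{key}] loads {dm.group(1)} by export '{dm.group(2)}'"
    return None

def check_o20(rest):
    """Winlogon Notify: <subkey> - <path>. HijackThis already hides the stock packages."""
    if not rest.startswith("Winlogon Notify: "):
        return None
    subkey, _, path = rest[len("Winlogon Notify: "):].partition(" - ")
    if bare_dir(path):
        return f"Winlogon Notify package {subkey} points at a bare directory {path.strip()}"
    if "\\program files\\" not in path.lower():
        return f"Winlogon Notify package {subkey} loads {path.strip()} from outside Program Files"
    return None

def check_o23(rest):
    """Service: <display> (<short>) - <owner> - <path>."""
    if not rest.startswith("Service: "):
        return None
    parts = rest[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    if owner == "Unknown owner" and bare_dir(path):
        return f"service '{display}' has no owner and a bare directory path {path.strip()}"
    return None

CHECKS = {"F2": check_f2, "O2": check_o2, "O4": check_o4, "O20": check_o20, "O23": check_o23}

def triage(lines):
    """Return (section, reason, line) for every entry that trips a rule."""
    hits = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        reason = CHECKS.get(section, lambda _: None)(rest)
        if reason:
            hits.append((section, reason, line))
    return hits

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run it as a script to print the hits, or import it and call triage() on the lines of any saved HijackThis log. The rules are screening heuristics, not a verdict: entries HijackThis already suppresses (the stock Winlogon Notify packages, Microsoft-owned services) never reach them, a legitimate Notify DLL that lives in system32 will trip the second O20 rule, and a flagged entry still needs its file examined before anyone clicks "Fix checked".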

#3
gripgrizzly (Topic Starter; Member, 13 posts)
Sorry sage5, but when I run SDFix's RunThis.bat, located at C:\SDFix\Report.txt, when I am in Safe Mode
I type Y to begin and then it says "file name path can not be found".
Am I doing something wrong? Should I continue with the other steps?

Edited by gripgrizzly, 23 June 2008 - 09:12 PM.


#4
sage5 (RIP 10/2009; Retired Staff, 2,646 posts)
When you double-clicked the SDFix.exe file on your Desktop, it should have installed to a new folder called C:\SDFix.
It looks like yours created an oddly named folder C:\SDFix\Report.txt (Not sure how that could happen)
Navigate to the C:\ drive & delete the whole SDFix folder.
Then go back to the instructions in the previous post & start at Run SDFix:
Make sure that you leave the "Destination folder" as C:\ & click install
Complete those instructions & paste the log files required.

Cheers,

sage5

#5
gripgrizzly (Topic Starter; Member, 13 posts)
MAIN.txt


Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-06-24 19:07:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2008-06-24 23:08:01 UTC - RP49 - Deckard's System Scanner Restore Point
30: 2008-06-22 01:14:32 UTC - RP48 - comp fix
29: 2008-06-13 21:28:40 UTC - RP47 - Installed Dawn of War - Dark Crusade
28: 2008-06-13 02:02:24 UTC - RP46 - Installed Dawn Of War - Winter Assault
27: 2008-06-13 01:25:46 UTC - RP45 - Installed DawnOfWar


-- First Restore Point --
1: 2008-06-09 00:44:27 UTC - RP19 - quick clean jan31 2008


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:02 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://products.webr...p...5E^sbuv`iof
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: adssite - {0cad25fd-3dbd-43c9-cfe1-dddde5cdf453} - C:\WINDOWS\system32\nsu2954.dll (file missing)
O2 - BHO: (no name) - {2e3b781d-7952-4c35-9c51-edd29db7b54c} - (no file)
O2 - BHO: (no name) - {2F1EEE87-2479-4B1F-A32D-C4ABE287EB01} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4843133A-885B-4347-B1F5-889503F5DAAA} - (no file)
O2 - BHO: (no name) - {52477BBE-EF9E-4121-BC4C-FC957837F580} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {854419e7-a3cf-ec0b-1074-7d3250c74367} - {76347c05-23d7-4701-b0ce-fc3a7e914458} - C:\WINDOWS\system32\hqukeiri.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {CC56C432-6A71-4CDA-A4E9-C49865C113E8} - (no file)
O2 - BHO: (no name) - {DE8EBD26-CB27-46DD-B561-FC482572AD70} - (no file)
O2 - BHO: (no name) - {E25EE903-37EB-467B-B1F0-F71063F6B8C8} - (no file)
O2 - BHO: (no name) - {E59C79E2-F9C4-42A4-A4B2-128CBD3B8686} - (no file)
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM7ba75792] Rundll32.exe "C:\WINDOWS\system32\nekecwbb.dll",s
O4 - HKLM\..\Run: [7894640e] rundll32.exe "C:\WINDOWS\system32\rhgxsbdb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Default user')
O4 - Startup: Shortcut (2) to verizon.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\DRM Converter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\DRM Converter\YouTubeRipper.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1202103426000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcBTmki - C:\WINDOWS\
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Advanced Micro Devices - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM+ System Application COMSysAppsrservice (COMSysAppsrservice) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL HTTPFilter Service (HTTPFilter Service) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Windows Installer MSIServerwinmgmt (MSIServerwinmgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: IPSEC Services PolicyAgentSENS (PolicyAgentSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: QoS RSVP RSVPCiSvc (RSVPCiSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: System Restore Service srservicesdAuxService (srservicesdAuxService) - Unknown owner - C:\WINDOWS\
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 15160 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071216-012355-440 O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
backup-20071216-012355-469 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
backup-20071216-012355-660 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
backup-20071216-012705-659 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
backup-20071216-012851-723 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Biq18 - c:\windows\system32\drivers\biq18.sys
R0 goU85 - c:\windows\system32\drivers\gou85.sys
R1 ISODrive (ISO CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R3 DrmCDriverV32 - c:\windows\system32\drivers\drmcdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
R3 DrmCVideo32 - c:\windows\system32\drivers\drmcvideo32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 catchme - c:\docume~1\hp_owner\locals~1\temp\catchme.sys (file missing)
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 npkcrypt - c:\program files\gravity\ro\npkcrypt.sys (file missing)
S3 npkycryp - c:\program files\gravity\ro\npkycryp.sys (file missing)
S3 RT2500 (Linksys Wireless-G PCI Adapter Driver) - c:\windows\system32\drivers\rt2500.sys <Not Verified; Ralink Technology Inc.; RT2500 802.11g Wireless Adapters>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S2 AOLService (AOL Spyware Protection Service) -
S2 COMSysAppsrservice (COM+ System Application COMSysAppsrservice) - ð%€|x srv (file missing)
S2 HTTPFilter Service (HTTP SSL HTTPFilter Service) - ð%€|x srv (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) -
S2 MSIServerwinmgmt (Windows Installer MSIServerwinmgmt) - ð%€|x srv (file missing)
S2 PolicyAgentSENS (IPSEC Services PolicyAgentSENS) - ð%€|x srv (file missing)
S2 RSVPCiSvc (QoS RSVP RSVPCiSvc) - ð%€|x srv (file missing)
S2 srservicesdAuxService (System Restore Service srservicesdAuxService) - ð%€|x srv (file missing)
S3 SoundMovieServer - "c:\windows\system32\snmvtsvc.exe" <Not Verified; SoundMovieServer; SoundMovieServer>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&1C88B56&0&40A4
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&1C88B56&0&40A4
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-21 03:10:39 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-28 06:30:23 270 -----n--- C:\WINDOWS\Tasks\AA4A561890F9CA88.job


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 18:58:08 4 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-06-24 18:18:37 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-24 17:05:13 0 d-------- C:\WINDOWS\ERUNT
2008-06-23 22:51:19 4883733 --ahs---- C:\WINDOWS\system32\accesshm.sys
2008-06-23 22:51:19 21504 --ahs---- C:\WINDOWS\system32\accessh.dll
2008-06-23 22:51:19 20374 --a------ C:\WINDOWS\system32\1033j.sys
2008-06-23 22:31:47 0 d-------- C:\Documents and Settings\HP_Owner\backups
2008-06-23 22:28:22 0 d-------- C:\Documents and Settings\HP_Owner\backups_old
2008-06-23 22:27:59 0 d-------- C:\Documents and Settings\HP_Owner\backups_old1
2008-06-23 22:26:28 0 d-------- C:\Documents and Settings\HP_Owner\backups_old2
2008-06-23 22:24:43 0 d-------- C:\Documents and Settings\HP_Owner\backups_old3
2008-06-23 22:24:43 0 d-------- C:\Documents and Settings\HP_Owner\backupreg
2008-06-22 17:56:05 0 d-------- C:\Program Files\Panda Security
2008-06-22 08:45:03 12800 --a------ C:\WINDOWS\system32\WinNt32.dll
2008-06-21 21:17:58 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-06-21 21:17:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-21 21:17:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 22:22:38 99328 --a------ C:\WINDOWS\system32\hqukeiri.dll
2008-06-20 22:19:38 79872 --a------ C:\WINDOWS\system32\adcwfanv.dll
2008-06-20 22:16:39 90624 -----n--- C:\WINDOWS\system32\llmcnwxo.dll
2008-06-19 22:16:38 90112 --a------ C:\WINDOWS\system32\nxaxfvst.dll
2008-06-19 22:13:51 90112 --a------ C:\WINDOWS\system32\scrrerop.dll
2008-06-17 19:07:26 293 --a-s---- C:\WINDOWS\system32\3772346621.dat
2008-06-13 17:35:52 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Xfire
2008-06-13 17:35:48 0 d---s---- C:\Program Files\Xfire
2008-06-13 08:29:09 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-06-12 22:02:28 0 d-------- C:\DirectX9
2008-06-12 20:31:20 0 d-------- C:\Program Files\ASIO4ALL v2
2008-06-11 09:05:12 0 d-------- C:\Program Files\THQ
2008-06-10 19:49:13 0 d-------- C:\VundoFix Backups
2008-06-02 03:09:21 0 d-------- C:\Program Files\DiskInternals
2008-05-28 08:58:48 0 d-------- C:\Program Files\free-downloads.net
2008-05-28 08:58:40 0 d-------- C:\Program Files\Alcohol Soft
2008-05-28 08:51:52 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-28 08:43:16 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Obsidium
2008-05-28 08:43:08 0 d-------- C:\Program Files\Oront Burning Kit 2
2008-05-28 07:28:34 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Ashampoo
2008-05-28 07:27:41 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-28 07:27:27 0 d-------- C:\Program Files\Ashampoo
2008-05-26 14:46:46 30720 --a------ C:\WINDOWS\system32\drivers\goU85.sys


-- Find3M Report ---------------------------------------------------------------

2008-06-22 17:48:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-21 21:17:10 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-20 00:25:40 0 d-------- C:\Program Files\Lx_cats
2008-06-20 00:24:44 0 d-------- C:\Program Files\Lexmark 2300 Series
2008-06-13 17:28:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-13 17:27:58 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InstallShield
2008-06-12 20:34:02 0 d-------- C:\Program Files\VstPlugins
2008-06-12 20:34:00 0 d-------- C:\Program Files\Image-Line
2008-06-10 20:13:50 0 d-------- C:\Program Files\PowerISO
2008-06-08 21:29:24 0 d-------- C:\Program Files\Common Files\Nero
2008-06-03 17:45:30 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SwordSearcher 5
2008-06-02 03:28:43 0 d-------- C:\Program Files\GetData
2008-05-21 03:26:46 0 d-------- C:\Program Files\Apple Software Update
2008-05-21 03:19:48 0 d-------- C:\Program Files\iTunes
2008-05-21 03:19:15 0 d-------- C:\Program Files\iPod
2008-05-21 03:16:39 0 d-------- C:\Program Files\QuickTime
2008-04-29 23:54:05 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\ATI MMC
2008-04-28 01:25:47 0 d-------- C:\Program Files\4U Computing
2008-04-05 12:55:25 274095 --a------ C:\WINDOWS\PC Image Editor Uninstaller.exe
2008-04-05 11:22:14 41984 --a------ C:\WINDOWS\system32\sp.exe
2008-04-02 20:08:15 41984 --a------ C:\WINDOWS\superproxy.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cad25fd-3dbd-43c9-cfe1-dddde5cdf453}]
C:\WINDOWS\system32\nsu2954.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e3b781d-7952-4c35-9c51-edd29db7b54c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F1EEE87-2479-4B1F-A32D-C4ABE287EB01}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4843133A-885B-4347-B1F5-889503F5DAAA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52477BBE-EF9E-4121-BC4C-FC957837F580}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76347c05-23d7-4701-b0ce-fc3a7e914458}]
06/20/2008 10:22 PM 99328 --a------ C:\WINDOWS\system32\hqukeiri.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC56C432-6A71-4CDA-A4E9-C49865C113E8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE8EBD26-CB27-46DD-B561-FC482572AD70}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E25EE903-37EB-467B-B1F0-F71063F6B8C8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E59C79E2-F9C4-42A4-A4B2-128CBD3B8686}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [12/29/2007 09:07 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 05:29 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"BM7ba75792"="C:\WINDOWS\system32\nekecwbb.dll" []
"7894640e"="C:\WINDOWS\system32\rhgxsbdb.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/23/2008 03:06 AM]
"Aim6"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 05:46 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [12/22/2007 03:20 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 12:39 PM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBTmki]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 06/24/2008 06:58 PM 15360 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Biq18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\goU85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5672aa-950f-11db-b814-0013d4cac47f}]
Setup\command- L:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a40a677b-cb64-11db-b826-0012178c0a60}]
AutoRun\command- L:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a43d109c-d83c-11dc-b8ff-0013d4cac47f}]
Setup\command- K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c8a3d0-87dd-11da-b7ae-00038a000015}]
Setup\command- L:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd2f4efe-dc42-11dc-b903-0013d4cac47f}]
Setup\command- K:\setup.exe

*Newly Created Service* - POLICYAGENTSENS



-- End of Deckard's System Scanner: finished at 2008-06-24 19:11:25 ------------

=========================================================================




EXTRA.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 958.48 MiB / 547.26 MiB
Pagefile Memory (total/avail): 2312.33 MiB / 1915.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.07 MiB

C: is Fixed (NTFS) - 178.79 GiB total, 65.52 GiB free.
D: is Fixed (FAT32) - 7.5 GiB total, 1.57 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L200M0 - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 7.51 GiB - D:
\PARTITION1 (bootable) - Installable File System - 178.79 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Pro Firewall v7.0.408.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAINCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\MAINCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Autodesk\backburner\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MAINCOMPUTER
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4U MP4 Video Converter (version 1.8.2) --> "C:\Program Files\4U Computing\MP4 Video Converter\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Advanced WMA Workshop version 2.2 --> "C:\Program Files\LitexMedia\Advanced WMA Workshop\unins000.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AltoMP3 Gold 5.20 --> C:\Program Files\AltoMP3 Gold\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ashampoo Burning Studio 7.21 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Multimedia Center 9.08 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6892122-8504-4530-8033-C9EF45A4D014} /l1033
ATI Parental Control & Encoder --> MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
ATI Remote Wonder 3.02 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5} /l1033
AuthorScript Engine 1.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{752CA503-E29F-4610-A1A4-B21CDC58EF8D} /l1033
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BatchPhoto v2.1 --> "C:\Program Files\BatchPhoto\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother HL-2040 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD87766F-B326-4CA7-8A82-1ABE11820175}\SETUP.exe" -l0x9 -removeonly /uninst
Browser Optimizer Adssite --> C:\WINDOWS\system32\adssite-remove.exe
Burn My Files --> "C:\Program Files\GetData\Burn My Files\unins000.exe"
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
CiD Help --> C:\DOCUME~1\HP_Owner\APPLIC~1\ONLINE~1\Bib byte multi.exe -uninstall
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Combined Community Codec Pack 2007-07-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Live! Pro Driver (1.01.01.1011) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres V0080Pin.crl
Creative WebCam Live! Pro User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Pro\Creative WebCam Live! Pro User's Guide\English\CTManual.isu"
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Dawn of War - Dark Crusade --> C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn Of War - Winter Assault --> MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
Deliverance-Online --> C:\Program Files\Gravity\RO\Uninstal.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DRM Converter 3.2.0 --> "C:\Program Files\DRM Converter\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
eMusic Download Manager 3.0 --> C:\Program Files\eMusic Download Manager\uninst.exe
ErrorKiller --> MsiExec.exe /X{D531DE33-38C8-40F7-BA75-3F20AB3B951C}
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
free-downloads.net Toolbar --> C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Free Video to iPhone Converter version 1.4 --> "C:\Program Files\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe"
GGPO Client --> "C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}\ggpo.exe" REMOVE=TRUE MODIFY=FALSE
GGPO Client --> C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}\ggpo.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GUIDE PLUS+™ for Windows® System - ATI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software --> C:\HP\KBD\KBD.EXE uninstalled
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
iMesh --> C:\Program Files\iMesh Applications\iMesh\UninstallSurvey.exe C:\PROGRA~1\IMESHA~1\iMesh\UNWISE.EXE C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG
iMesh MediaBar --> C:\Program Files\iMesh Applications\iMesh MediaBar\Uninstall.exe
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
Interactive Learning --> C:\PROGRA~1\Wavetech\APUNINST\UNWISE.EXE C:\PROGRA~1\Wavetech\APUNINST\INSTALL.LOG
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPhoneBrowser --> rundll32.exe dfshim.dll,ShArpMaintain iPhoneBrowser.application, Culture=neutral, PublicKeyToken=c37bff9de7e9d6d5, processorArchitecture=msil
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
Lexmark 2300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MasterCook 7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F457DDF-B768-434C-8802-9BB3B383B1E8}
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Maxthon Browser (remove only) --> C:\Program Files\Maxthon\MaxthonUINST.exe
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Outlook Connector --> MsiExec.exe /I{61CC6D1A-672E-4519-B68F-DF796FB58906}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Express 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola SM56 Speakerphone Modem --> C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozill

#6 gripgrizzly (Topic Starter)
EXTRA.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 958.48 MiB / 547.26 MiB
Pagefile Memory (total/avail): 2312.33 MiB / 1915.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.07 MiB

C: is Fixed (NTFS) - 178.79 GiB total, 65.52 GiB free.
D: is Fixed (FAT32) - 7.5 GiB total, 1.57 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L200M0 - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 7.51 GiB - D:
\PARTITION1 (bootable) - Installable File System - 178.79 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Pro Firewall v7.0.408.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAINCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\MAINCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Autodesk\backburner\;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MAINCOMPUTER
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4U MP4 Video Converter (version 1.8.2) --> "C:\Program Files\4U Computing\MP4 Video Converter\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Advanced WMA Workshop version 2.2 --> "C:\Program Files\LitexMedia\Advanced WMA Workshop\unins000.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AltoMP3 Gold 5.20 --> C:\Program Files\AltoMP3 Gold\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ashampoo Burning Studio 7.21 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Multimedia Center 9.08 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6892122-8504-4530-8033-C9EF45A4D014} /l1033
ATI Parental Control & Encoder --> MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
ATI Remote Wonder 3.02 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5} /l1033
AuthorScript Engine 1.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{752CA503-E29F-4610-A1A4-B21CDC58EF8D} /l1033
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BatchPhoto v2.1 --> "C:\Program Files\BatchPhoto\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother HL-2040 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD87766F-B326-4CA7-8A82-1ABE11820175}\SETUP.exe" -l0x9 -removeonly /uninst
Browser Optimizer Adssite --> C:\WINDOWS\system32\adssite-remove.exe
Burn My Files --> "C:\Program Files\GetData\Burn My Files\unins000.exe"
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
CiD Help --> C:\DOCUME~1\HP_Owner\APPLIC~1\ONLINE~1\Bib byte multi.exe -uninstall
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Combined Community Codec Pack 2007-07-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Live! Pro Driver (1.01.01.1011) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres V0080Pin.crl
Creative WebCam Live! Pro User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Pro\Creative WebCam Live! Pro User's Guide\English\CTManual.isu"
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Dawn of War - Dark Crusade --> C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn Of War - Winter Assault --> MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
Deliverance-Online --> C:\Program Files\Gravity\RO\Uninstal.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DRM Converter 3.2.0 --> "C:\Program Files\DRM Converter\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
eMusic Download Manager 3.0 --> C:\Program Files\eMusic Download Manager\uninst.exe
ErrorKiller --> MsiExec.exe /X{D531DE33-38C8-40F7-BA75-3F20AB3B951C}
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
free-downloads.net Toolbar --> C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Free Video to iPhone Converter version 1.4 --> "C:\Program Files\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe"
GGPO Client --> "C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}\ggpo.exe" REMOVE=TRUE MODIFY=FALSE
GGPO Client --> C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}\ggpo.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GUIDE PLUS+™ for Windows® System - ATI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software --> C:\HP\KBD\KBD.EXE uninstalled
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
iMesh --> C:\Program Files\iMesh Applications\iMesh\UninstallSurvey.exe C:\PROGRA~1\IMESHA~1\iMesh\UNWISE.EXE C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG
iMesh MediaBar --> C:\Program Files\iMesh Applications\iMesh MediaBar\Uninstall.exe
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
Interactive Learning --> C:\PROGRA~1\Wavetech\APUNINST\UNWISE.EXE C:\PROGRA~1\Wavetech\APUNINST\INSTALL.LOG
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPhoneBrowser --> rundll32.exe dfshim.dll,ShArpMaintain iPhoneBrowser.application, Culture=neutral, PublicKeyToken=c37bff9de7e9d6d5, processorArchitecture=msil
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
Lexmark 2300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MasterCook 7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F457DDF-B768-434C-8802-9BB3B383B1E8}
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Maxthon Browser (remove only) --> C:\Program Files\Maxthon\MaxthonUINST.exe
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Outlook Connector --> MsiExec.exe /I{61CC6D1A-672E-4519-B68F-DF796FB58906}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Express 9 --> C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola SM56 Speakerphone Modem --> C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9
Nero 8 --> MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Office 2003 Tour --> MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
Oront Burning Kit 2 Basic v2.5.5 --> "C:\Program Files\Oront Burning Kit 2\unins000.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC-Doctor 5 for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
PC Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0601E1-B65C-11D5-80A9-0000B494D9A6}\Setup.exe" -l0x9
PC Image Editor --> C:\WINDOWS\PC Image Editor Uninstaller.exe
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Prelim --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Prelim\ST5UNST.LOG"
PrivacyControl 2.6 --> "C:\Program Files\PrivacyControl\unins000.exe"
Protected Music Converter 0.99b --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PSP Video Express(remove only) --> "C:\Program Files\PQDVD\PSPVideoExpress\bt-uninst.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Ragnarok Sakray --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU651.inf
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Self Test Software: Exam 220-301 --> C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\UNWISE.EXE C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\INSTALL.LOG
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyNoMore 2.67 --> C:\Program Files\SpyNoMore\uninst.exe
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Study Hall Software A+ Practice Tests --> MsiExec.exe /X{F08F325C-E81E-446B-9C8E-21DFF903FF90}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sword PC Bible Modules Pack 3 --> MsiExec.exe /I{2687E391-05F8-40A1-9D1D-2287308125D5}
SwordSearcher 5.0 Deluxe --> "C:\Program Files\SwordSearcher 5\unins000.exe"
Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
TitanTV Client components for ATI --> MsiExec.exe /I{0A04149A-F6CC-4E4E-BDC6-44D0E64916FC}
Trojan Remover 6.6.0 --> "C:\Program Files\Trojan Remover\unins000.exe"
UltraISO Premium V8.51 --> "C:\Program Files\UltraISO\unins000.exe"
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Uninstall Startup Inspector --> "C:\Program Files\Startup Inspector for Windows\unins000.exe"
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Verizon Broadband Toolbar --> C:\Program Files\VZBB Toolbar\Uninstall.exe
Verizon Online Help & Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03E6-F17B-11D6-88EA-000476CD2443}\setup.exe" -l0x9 UNINSTALL -removeonly
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Wal-Mart Music Downloads Store --> MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Creativity Fun Packs - Windows Movie Maker 2 --> MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio --> MsiExec.exe /X{A6264FF6-C49D-4533-AF42-4875C38BB24C}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.1 beta --> "C:\Program Files\WinSCP3\unins000.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XLink Kai Evolution 7 --> MsiExec.exe /X{BEBDCB3E-D936-4C8D-86ED-11845A05B47A}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7415 / Error
Event Submitted/Written: 06/24/2008 07:09:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type7414 / Error
Event Submitted/Written: 06/24/2008 07:09:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type7413 / Error
Event Submitted/Written: 06/24/2008 07:09:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type7374 / Error
Event Submitted/Written: 06/24/2008 00:11:05 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7353 / Error
Event Submitted/Written: 06/23/2008 10:10:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25842 / Error
Event Submitted/Written: 06/24/2008 06:59:59 PM
Event ID/Source: 7003 / Service Control Manager
Event Description:
The Computer Browser service depends on the following nonexistent service: LanmanServer

Event Record #/Type25841 / Error
Event Submitted/Written: 06/24/2008 06:59:59 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AOL Spyware Protection Service service failed to start due to the following error:
%%3

Event Record #/Type25835 / Error
Event Submitted/Written: 06/24/2008 06:56:47 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type25807 / Error
Event Submitted/Written: 06/24/2008 06:20:29 PM
Event ID/Source: 7003 / Service Control Manager
Event Description:
The Computer Browser service depends on the following nonexistent service: LanmanServer

Event Record #/Type25806 / Error
Event Submitted/Written: 06/24/2008 06:20:29 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AOL Spyware Protection Service service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-06-24 19:11:25 ------------
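The Security Center section of the EXTRA.txt above dumps the Windows Firewall exception list as raw registry values in the XP SP2 layout `path:scope:Enabled:name`, and notes that the built-in firewall is disabled because ZoneAlarm is the registered firewall. The script below is an added example for this thread, not code from gripgrizzly's post or from Deckard's System Scanner: it parses those blocks into structured records, reads the firewall status lines, and reports the entries a removal helper would normally ask to have taken out. The sample lines are constructed from the log above; the list of file-sharing clients and the user-writable path markers are assumptions made for illustration.

```python
"""
Parse the Windows XP SP2 firewall exception list from the "Security Center"
section of a Deckard's System Scanner EXTRA.txt and flag entries worth review.

Added example for this thread; not code from the poster or from DSS.
"""
import re
from dataclasses import dataclass

# Constructed sample: the status lines and both AuthorizedApplications
# blocks as DSS prints them. Backslashes are doubled because DSS dumps
# the values in .reg syntax.
SAMPLE_LOG = r'''
Windows Internal Firewall is disabled.

FW: ZoneAlarm Pro Firewall v7.0.408.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
'''


@dataclass(frozen=True)
class FwException:
    profile: str   # DomainProfile or StandardProfile
    path: str      # executable path, backslashes unescaped
    scope: str     # '*' = any remote address; otherwise a subnet list
    enabled: bool
    name: str      # display name shown in the firewall control panel


# Key header of an exception list; the profile name is captured.
PROFILE_RE = re.compile(
    r'^\[HKLM\\.*\\FirewallPolicy\\(\w+Profile)\\AuthorizedApplications\\List\]$')
# One .reg-style line: "valuename"="data"
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')
# Data layout used by XP SP2: path:scope:Enabled|Disabled:displayname.
# The path is anchored on its drive letter so the "C:" colon is not a separator.
VALUE_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\[^:]*):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)$')


def parse_exceptions(log_text):
    """Return FwException records for every decodable entry, in log order."""
    profile = None
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = PROFILE_RE.match(line)
        if header:
            profile = header.group(1)
            continue
        if line.startswith('['):
            profile = None          # some other registry key; stop collecting
            continue
        if profile is None or not line:
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        data = entry.group('value').replace('\\\\', '\\')
        fields = VALUE_RE.match(data)
        if not fields:
            continue                # unknown layout: skip rather than guess
        found.append(FwException(profile, fields['path'], fields['scope'],
                                 fields['state'] == 'Enabled', fields['name']))
    return found


def firewall_status(log_text):
    """Built-in firewall state and any third-party firewall DSS registered."""
    internal_enabled = None
    third_party = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('Windows Internal Firewall is '):
            internal_enabled = line.endswith('enabled.')
        elif line.startswith('FW: '):
            third_party.append(line[4:])
    return {'internal_enabled': internal_enabled, 'third_party': third_party}


# Assumed for illustration (not from the post): file-sharing clients whose
# inbound exceptions a helper usually asks to have removed.
P2P_CLIENTS = {'utorrent.exe', 'limewire.exe', 'imesh.exe', 'bearshare.exe',
               'kazaa.exe', 'ares.exe'}
# Assumed markers for locations a non-admin user can write to.
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\application data\\')


def review(log_text):
    """Findings a malware-removal helper would raise from the firewall section."""
    findings = []
    status = firewall_status(log_text)
    if status['internal_enabled'] is False and not status['third_party']:
        findings.append('no host firewall: Windows Firewall is off and no '
                        'third-party firewall is registered')
    for ex in parse_exceptions(log_text):
        if not ex.enabled:
            continue
        exe = ex.path.rsplit('\\', 1)[-1].lower()
        if exe in P2P_CLIENTS:
            findings.append(f'{ex.profile}: P2P client allowed inbound from '
                            f'{ex.scope}: {ex.path}')
        if any(marker in ex.path.lower() for marker in USER_WRITABLE):
            findings.append(f'{ex.profile}: exception for a binary in a '
                            f'user-writable location: {ex.path}')
    return findings


if __name__ == '__main__':
    for ex in parse_exceptions(SAMPLE_LOG):
        print(f'{ex.profile:16} {ex.scope:3} {ex.name:28} {ex.path}')
    for finding in review(SAMPLE_LOG):
        print('!!', finding)
```

While ZoneAlarm is the registered firewall the Windows Firewall policy is inactive, so these exceptions do nothing today; they become live again the moment ZoneAlarm is uninstalled (it is in the Add/Remove list above), which is why the review still reports them. A scope of `*` means the exception accepts unsolicited inbound traffic from any remote address, not just the local subnet. The parser skips any value it cannot decode instead of guessing a layout.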

#7 gripgrizzly (Topic Starter)
VundoFix V7.0.5

Scan started at 7:49:13 PM 6/10/2008

Listing files found while scanning....

C:\Program Files\PowerISO\PWRISOSH.DLL

Beginning removal...

Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.5

Scan started at 8:37:04 PM 6/10/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.6

Scan started at 6:43:57 PM 6/24/2008

Listing files found while scanning....

C:\Windows\system32\aoterhhl.dll
C:\Windows\system32\cfwfagwl.dll
C:\Windows\system32\ddcBTmki.dll
C:\Windows\system32\dkdnmpul.dll
C:\Windows\system32\edjmfeli.dll
C:\Windows\system32\fuhipfax.dll
C:\Windows\system32\iwfotuoj.dll
C:\Windows\system32\jgvwdoyl.dll
C:\Windows\system32\joqpcgsh.dll
C:\Windows\system32\jryjqbfe.dll
C:\Windows\system32\lbspspvp.dll
C:\Windows\system32\nekecwbb.dll
C:\Windows\system32\nhvbmply.dll
C:\Windows\system32\nsmychhv.dll
C:\Windows\system32\nsu2954.dll
C:\Windows\system32\ogojsewy.dll
C:\Windows\system32\pmxmmadt.dll
C:\Windows\system32\qrnfqfmg.dll
C:\Windows\system32\rcwhangs.dll
C:\Windows\system32\rtmxdgvj.dll
C:\Windows\system32\ssqRLCsP.dll
C:\Windows\system32\tqkqrxui.dll
C:\Windows\system32\uuwmbscu.dll
C:\Windows\system32\vlhcttro.dll
C:\Windows\system32\xafhokpd.dll

Beginning removal...

Attempting to delete C:\Windows\system32\aoterhhl.dll
C:\Windows\system32\aoterhhl.dll Has been deleted!

Attempting to delete C:\Windows\system32\cfwfagwl.dll
C:\Windows\system32\cfwfagwl.dll Has been deleted!

Attempting to delete C:\Windows\system32\ddcBTmki.dll
C:\Windows\system32\ddcBTmki.dll Has been deleted!

Attempting to delete C:\Windows\system32\dkdnmpul.dll
C:\Windows\system32\dkdnmpul.dll Has been deleted!

Attempting to delete C:\Windows\system32\edjmfeli.dll
C:\Windows\system32\edjmfeli.dll Has been deleted!

Attempting to delete C:\Windows\system32\fuhipfax.dll
C:\Windows\system32\fuhipfax.dll Has been deleted!

Attempting to delete C:\Windows\system32\iwfotuoj.dll
C:\Windows\system32\iwfotuoj.dll Has been deleted!

Attempting to delete C:\Windows\system32\jgvwdoyl.dll
C:\Windows\system32\jgvwdoyl.dll Has been deleted!

Attempting to delete C:\Windows\system32\joqpcgsh.dll
C:\Windows\system32\joqpcgsh.dll Has been deleted!

Attempting to delete C:\Windows\system32\jryjqbfe.dll
C:\Windows\system32\jryjqbfe.dll Has been deleted!

Attempting to delete C:\Windows\system32\lbspspvp.dll
C:\Windows\system32\lbspspvp.dll Has been deleted!

Attempting to delete C:\Windows\system32\nekecwbb.dll
C:\Windows\system32\nekecwbb.dll Has been deleted!

Attempting to delete C:\Windows\system32\nhvbmply.dll
C:\Windows\system32\nhvbmply.dll Has been deleted!

Attempting to delete C:\Windows\system32\nsmychhv.dll
C:\Windows\system32\nsmychhv.dll Has been deleted!

Attempting to delete C:\Windows\system32\nsu2954.dll
C:\Windows\system32\nsu2954.dll Has been deleted!

Attempting to delete C:\Windows\system32\ogojsewy.dll
C:\Windows\system32\ogojsewy.dll Has been deleted!

Attempting to delete C:\Windows\system32\pmxmmadt.dll
C:\Windows\system32\pmxmmadt.dll Has been deleted!

Attempting to delete C:\Windows\system32\qrnfqfmg.dll
C:\Windows\system32\qrnfqfmg.dll Has been deleted!

Attempting to delete C:\Windows\system32\rcwhangs.dll
C:\Windows\system32\rcwhangs.dll Has been deleted!

Attempting to delete C:\Windows\system32\rtmxdgvj.dll
C:\Windows\system32\rtmxdgvj.dll Has been deleted!

Attempting to delete C:\Windows\system32\ssqRLCsP.dll
C:\Windows\system32\ssqRLCsP.dll Has been deleted!

Attempting to delete C:\Windows\system32\tqkqrxui.dll
C:\Windows\system32\tqkqrxui.dll Has been deleted!

Attempting to delete C:\Windows\system32\uuwmbscu.dll
C:\Windows\system32\uuwmbscu.dll Has been deleted!

Attempting to delete C:\Windows\system32\vlhcttro.dll
C:\Windows\system32\vlhcttro.dll Has been deleted!

Attempting to delete C:\Windows\system32\xafhokpd.dll
C:\Windows\system32\xafhokpd.dll Has been deleted!

Performing Repairs to the registry.
Done!
=========================================================================





SDFix: Version 1.196
Run by HP_Owner on Tue 06/24/2008 at 05:50 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\HP_Owner\Desktop\NEWFOL~4\SDFix

Checking Services :

Name :
WEK20

Path :
\SystemRoot\System32\Drivers\Wek20.sys

WEK20 - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\12.TMP - Deleted
C:\15.TMP - Deleted
C:\16.TMP - Deleted
C:\17.TMP - Deleted
C:\1B.TMP - Deleted
C:\1D.TMP - Deleted
C:\20.TMP - Deleted
C:\21.TMP - Deleted
C:\22.TMP - Deleted
C:\23.TMP - Deleted
C:\24.TMP - Deleted
C:\25.TMP - Deleted
C:\26.TMP - Deleted
C:\28.TMP - Deleted
C:\2B.TMP - Deleted
C:\2C.TMP - Deleted
C:\2D.TMP - Deleted
C:\2E.TMP - Deleted
C:\30.TMP - Deleted
C:\32.TMP - Deleted
C:\34.TMP - Deleted
C:\37.TMP - Deleted
C:\38.TMP - Deleted
C:\39.TMP - Deleted
C:\WINDOWS\java\java.log\BugSlayerUtil.dll - Deleted
C:\WINDOWS\java\java.log\KILL.EXE - Deleted
C:\WINDOWS\java\java.log\program.exe - Deleted
C:\WINDOWS\java\java.log\program.msi - Deleted
C:\WINDOWS\java\java.log\regkeyadd.reg - Deleted
C:\WINDOWS\java\java.log\services.exe - Deleted
C:\WINDOWS\java\java.log\start.bat - Deleted
C:\WINDOWS\java\java.log\svchost.exe - Deleted
C:\WINDOWS\java\java.log\xdcc.ini - Deleted
C:\WINDOWS\system32\explorer.exe - Deleted
C:\WINDOWS\system32\kl.exe - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\system32\drivers\WEK20.sys - Deleted


Could Not Remove C:\WINDOWS\system32\WinCtrl32.dll
Could Not Remove C:\WINDOWS\system32\WinNt32.dll

Folder C:\WINDOWS\java\java.log - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 18:27:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:b1,db,9a,83,2d,fa,05,e9,ce,65,af,22,63,e5,a3,17,ac,54,b4,88,1b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:b1,db,9a,83,2d,fa,05,e9,ce,65,af,22,63,e5,a3,17,ac,54,b4,88,1b,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
"LogLevel"=dword:20000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download]
"LastSuccessTime"="2008-06-24 22:27:48"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0B9A5D42-D749-18BD-6882-8035C7F903A7}]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

C:\WINDOWS\system32\WinCtrl32.dll Found
C:\WINDOWS\system32\WinNt32.dll Found

File Backups: - C:\DOCUME~1\HP_Owner\Desktop\NEWFOL~4\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 23 Nov 2005 213 A.SHR --- "C:\BOOT.BAK"
Mon 23 Jun 2008 21,504 A.SH. --- "C:\WINDOWS\system32\accessh.dll"
Tue 24 Jun 2008 4,404,789 A.SH. --- "C:\WINDOWS\system32\accesshm.sys"
Mon 16 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 23 Jul 2006 84 A..H. --- "C:\Program Files\ATI Multimedia\RemCtrl\x10prod.sys"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005 11,360 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Sat 20 Aug 2005 121,237 A..HR --- "C:\Program Files\THQ\Dawn of War\Disk1Check.EXE"
Fri 27 Dec 2002 27,316 A.SH. --- "C:\Documents and Settings\HP_Owner\Desktop\SYSTEM\DUMP.TMP"
Fri 27 Dec 2002 600 A.SH. --- "C:\Documents and Settings\HP_Owner\Desktop\SYSTEM\IDX.TMP"
Sat 24 May 2008 147,456 A..H. --- "C:\Documents and Settings\HP_Owner\My Documents\ANNIE\~WRL1334.tmp"
Sat 24 May 2008 158,208 A..H. --- "C:\Documents and Settings\HP_Owner\My Documents\ANNIE\~WRL2753.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"
Mon 16 Jan 2006 4,348 ...H. --- "C:\Documents and Settings\HP_Owner\My Documents\My Music\License Backup\drmv1key.bak"
Fri 10 Mar 2006 20 A..H. --- "C:\Documents and Settings\HP_Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 22 Feb 2006 400 A.SH. --- "C:\Documents and Settings\HP_Owner\My Documents\My Music\License Backup\drmv2key.bak"
Sat 24 May 2008 147,456 ...H. --- "C:\Documents and Settings\HP_Owner\My Documents\VALLEY VIEW CONDO [bleep]\ANNIE\~WRL1334.tmp"
Sat 24 May 2008 158,208 ...H. --- "C:\Documents and Settings\HP_Owner\My Documents\VALLEY VIEW CONDO [bleep]\ANNIE\~WRL2753.tmp"

Finished!
#8
sage5
  • RIP 10/2009
  • Retired Staff
  • 2,646 posts
Hi gripgrizzly,

WARNING:
Some of the files which are either still present, or have been removed, are of concern.
Among them are traces of Backdoor Trojans & keyloggers.
These are serious security threats, especially if this PC is used to store sensitive data, or conduct online financial transactions, like internet banking, PayPal/credit card transactions etc.
I would advise you, if this PC is used for those purposes, to immediately change all passwords used for any online financial transactions.

There are a number of real-time protection applications running here, which need to be disabled prior to continuing:

Spy-Bot's TeaTimer
Please disable TeaTimer for now. It can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Spyware Guard
  • Double-click the red SG in your system tray to open SpywareGuard.
  • Click Options on the left
  • Uncheck the following
    • Enable Real-Time Scanning
    • Enable Download Protection
    • Enable Browser HiJack Protection
  • Click Save Settings

Spy Sweeper

To disable SpySweeper Shields
  • Open SpySweeper.
  • Click Shield Settings on the right
    (or Shields on the left, depending on what screen you're on).
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Hosts File and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Close SpySweeper.

Download the following & save to your Desktop:
ComboFix

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Posted Image

Download the setup package & save it as originally named, next to ComboFix.exe.
Close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.

Posted Image

  • Follow the prompts to start ComboFix and agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • Click Yes at the window labelled "What's next?" to continue with the scan.
  • When complete, a log named C:\Combofix.txt will open.
  • Please post the entire contents of that log as your next reply.

Cheers,

sage5
#9
gripgrizzly
  • Member
  • Topic Starter
  • 13 posts
Hey sage5, when I drag the setup package onto ComboFix.exe,
it says that this machine already has the Recovery Console installed:
Aborting operations
#10
sage5
  • RIP 10/2009
  • Retired Staff
  • 2,646 posts
OK, it's good that's already in place.
Now, all you need to do is double click on the Combofix.exe, to run the scanner.
When it is done, post the text from Combofix.txt, as your next reply.
#11
gripgrizzly
  • Member
  • Topic Starter
  • 13 posts
ComboFix 08-06-20.4 - HP_Owner 2008-06-25 19:25:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.530 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\WINDOWS\BM7ba75792.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bdbsxghr.ini
C:\WINDOWS\system32\bvuqmcys.ini
C:\WINDOWS\system32\drivers\Biq18.sys
C:\WINDOWS\system32\drivers\goU85.sys
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\system32\xmuqgkft.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BIQ18
-------\Legacy_GOU85
-------\Legacy_LANMANDRV
-------\Service_Biq18
-------\Service_goU85


((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 03:15 . 2008-06-25 03:15 0 --a------ C:\WINDOWS\system32\1033j.sys
2008-06-24 19:07 . 2008-06-24 19:07 <DIR> d-------- C:\Deckard
2008-06-24 18:29 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-24 18:29 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-24 17:05 . 2008-06-24 17:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-24 16:57 . 2008-06-24 01:11 <DIR> d-------- C:\SDFix
2008-06-23 22:51 . 2008-06-25 11:58 933,205 --ahs---- C:\WINDOWS\system32\accesshm.sys
2008-06-23 22:51 . 2008-06-23 22:51 21,504 --ahs---- C:\WINDOWS\system32\accessh.dll
2008-06-23 22:38 . 2008-06-25 03:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 22:38 . 2008-06-23 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 22:31 . 2008-06-23 22:31 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups
2008-06-23 22:28 . 2008-06-23 22:28 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old
2008-06-23 22:27 . 2008-06-23 22:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old1
2008-06-23 22:26 . 2008-06-23 22:26 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old2
2008-06-23 22:24 . 2008-06-23 22:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old3
2008-06-23 22:24 . 2008-06-23 22:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\backupreg
2008-06-23 22:24 . 2004-08-04 15:00 146,432 --a------ C:\Documents and Settings\HP_Owner\regedit.exe
2008-06-23 22:24 . 2004-08-04 08:00 27,136 --a------ C:\Documents and Settings\HP_Owner\findstr.exe
2008-06-23 22:24 . 2004-08-04 08:00 11,264 --a------ C:\Documents and Settings\HP_Owner\attrib.exe
2008-06-23 22:24 . 2004-08-04 08:00 9,216 --a------ C:\Documents and Settings\HP_Owner\find.exe
2008-06-22 17:56 . 2008-06-22 17:57 <DIR> d-------- C:\Program Files\Panda Security
2008-06-22 08:43 . 2008-06-22 08:43 124 --a------ C:\WINDOWS\system32\explorer.001
2008-06-21 21:17 . 2008-06-22 08:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 21:17 . 2008-06-21 21:17 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-06-21 21:17 . 2008-06-21 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-21 21:17 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-21 21:17 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-20 22:22 . 2008-06-20 22:22 99,328 --a------ C:\WINDOWS\system32\hqukeiri.dll
2008-06-20 22:19 . 2008-06-22 08:40 79,872 --a------ C:\WINDOWS\system32\adcwfanv.dll
2008-06-20 22:16 . 2008-06-22 08:40 90,624 --------- C:\WINDOWS\system32\llmcnwxo.dll
2008-06-19 22:16 . 2008-06-19 22:16 90,112 --a------ C:\WINDOWS\system32\nxaxfvst.dll
2008-06-19 22:13 . 2008-06-19 22:13 90,112 --a------ C:\WINDOWS\system32\scrrerop.dll
2008-06-17 19:07 . 2008-06-24 22:51 332 --a-s---- C:\WINDOWS\system32\3772346621.dat
2008-06-17 00:51 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-17 00:51 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-06-13 17:35 . 2008-06-13 17:36 <DIR> d---s---- C:\Program Files\Xfire
2008-06-13 17:35 . 2008-06-13 17:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Xfire
2008-06-13 08:29 . 2008-06-13 08:29 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-12 22:02 . 2008-06-12 22:02 <DIR> d-------- C:\DirectX9
2008-06-12 20:31 . 2008-06-12 20:31 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-06-11 09:05 . 2008-06-13 17:28 <DIR> d-------- C:\Program Files\THQ
2008-06-10 19:49 . 2008-06-24 18:57 <DIR> d-------- C:\VundoFix Backups
2008-06-08 21:00 . 2008-06-08 21:00 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-02 03:09 . 2008-06-02 03:09 <DIR> d-------- C:\Program Files\DiskInternals
2008-05-28 08:58 . 2008-05-28 08:58 <DIR> d-------- C:\Program Files\free-downloads.net
2008-05-28 08:58 . 2008-05-28 08:58 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-28 08:51 . 2008-05-28 08:51 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-28 08:43 . 2008-05-28 08:44 <DIR> d-------- C:\Program Files\Oront Burning Kit 2
2008-05-28 08:43 . 2008-05-28 08:43 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Obsidium
2008-05-28 07:28 . 2008-05-28 07:28 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Ashampoo
2008-05-28 07:27 . 2008-05-28 07:27 <DIR> d-------- C:\Program Files\Ashampoo
2008-05-28 07:27 . 2008-05-28 07:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 21:48 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-22 01:17 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-20 04:25 --------- d-----w C:\Program Files\Lx_cats
2008-06-20 04:24 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-06-13 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 21:27 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\InstallShield
2008-06-13 00:34 --------- d-----w C:\Program Files\VstPlugins
2008-06-13 00:34 --------- d-----w C:\Program Files\Image-Line
2008-06-11 00:13 --------- d-----w C:\Program Files\PowerISO
2008-06-09 01:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-09 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-03 21:45 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\SwordSearcher 5
2008-06-02 08:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 07:28 --------- d-----w C:\Program Files\GetData
2008-05-21 07:26 --------- d-----w C:\Program Files\Apple Software Update
2008-05-21 07:19 --------- d-----w C:\Program Files\iTunes
2008-05-21 07:19 --------- d-----w C:\Program Files\iPod
2008-05-21 07:16 --------- d-----w C:\Program Files\QuickTime
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-30 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-04-30 03:54 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\ATI MMC
2008-04-28 05:25 --------- d-----w C:\Program Files\4U Computing
2008-04-05 16:55 274,095 ----a-w C:\WINDOWS\PC Image Editor Uninstaller.exe
2008-04-03 00:08 41,984 ----a-w C:\WINDOWS\superproxy.exe
2007-12-08 14:44 23,040 ----a-w C:\Program Files\chktrust.exe
2005-12-20 06:38 0 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-03-03 18:27 147,456 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030320080304\index.dat
2008-03-05 13:58 131,072 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat
2008-03-17 03:56 65,536 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat
2008-03-23 06:09 131,072 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031720080318\index.dat
2008-03-23 06:09 131,072 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031820080319\index.dat
2008-03-23 06:09 81,920 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031920080320\index.dat
2008-03-23 06:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032120080322\index.dat
2008-03-23 06:09 196,608 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032220080323\index.dat
2008-03-23 06:09 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032320080324\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cad25fd-3dbd-43c9-cfe1-dddde5cdf453}]
C:\WINDOWS\system32\nsu2954.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76347c05-23d7-4701-b0ce-fc3a7e914458}]
2008-06-20 22:22 99328 --a------ C:\WINDOWS\system32\hqukeiri.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 03:06 68856]
"Aim6"="" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 03:20 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-29 09:07 6731312]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-07-06 17:16 2972672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 16:08 67160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 12:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBTmki]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.UYVY"= C:\WINDOWS\system32\msyuv.dll
"vidc.yv12"= ATIYUV12.DLL
"VIDC.YU12"= ATIYUV12.DLL
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 08:00]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 10:22]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 10:22]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 10:22]
R3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2007-12-28 15:54]
R3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2007-12-28 15:54]
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RO\npkycryp.sys []
S3 SoundMovieServer;SoundMovieServer;"C:\WINDOWS\system32\snmvtsvc.exe" [2007-12-28 16:32]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 05:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5672aa-950f-11db-b814-0013d4cac47f}]
\shell\Setup\command - L:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a40a677b-cb64-11db-b826-0012178c0a60}]
\Shell\AutoRun\command - L:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a43d109c-d83c-11dc-b8ff-0013d4cac47f}]
\shell\Setup\command - K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c8a3d0-87dd-11da-b7ae-00038a000015}]
\shell\Setup\command - L:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd2f4efe-dc42-11dc-b903-0013d4cac47f}]
\shell\Setup\command - K:\setup.exe

*Newly Created Service* - LIVEUPDATESECLOGON
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 10:30:23 C:\WINDOWS\Tasks\AA4A561890F9CA88.job"
- c:\docume~1\hp_owner\applic~1\online~1\GplSiteTick.exe
"2008-05-21 07:10:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 19:32:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysAppsrservice]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter Service]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LiveUpdateseclogon]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc23.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServerwinmgmt]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgentSENS]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVPCiSvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservicesdAuxService]
"ImagePath"="ð%€|x\01\09 srv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-25 19:39:27 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-06-25 23:39:24

Pre-Run: 69,994,352,640 bytes free
Post-Run: 69,920,305,152 bytes free

269 --- E O F --- 2008-06-25 07:06:16
#12
sage5
  • RIP 10/2009
  • Retired Staff
  • 2,646 posts
Hi gripgrizzly,


I see you have LimeWire installed on your system.
While the program itself is legal, most of the files downloaded with it are not.
These programs can also be one of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling LimeWire as outlined below.


Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
    Browser Optimizer Adssite
    CiD Help
    LimeWire PRO 4.14.10
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Recover My Files
    Symantec Technical Support Web Controls
    Viewpoint Media Player

    Please take note of any other programs that you don't recognise in that list, and include them in your next response.


Create a ComboFix Script:
  • Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
c:\windows\system32\drivers\gou85.sys
c:\windows\system32\drivers\biq18.sys
C:\WINDOWS\Tasks\AA4A561890F9CA88.job
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\superproxy.exe
C:\WINDOWS\system32\sp.exe
C:\WINDOWS\PC Image Editor Uninstaller.exe
C:\WINDOWS\system32\hqukeiri.dll
C:\WINDOWS\system32\adcwfanv.dll
C:\WINDOWS\system32\llmcnwxo.dll
C:\WINDOWS\system32\nxaxfvst.dll
C:\WINDOWS\system32\scrrerop.dll
C:\WINDOWS\system32\3772346621.dat

Folder::
C:\Documents and Settings\HP_Owner\Application Data\onlinethirdsetup
C:\Program Files\LimeWire
C:\Program Files\Symantec
C:\Program Files\GetData\Recover My Files
C:\Program Files\Viewpoint

Driver::
COMSysAppsrservice
HTTPFilter Service
LiveUpdateseclogon
mchInjDrv
[MSIServerwinmgmt
PolicyAgentSENS
RSVPCiSvc
srservicesdAuxService
Biq18
goU85

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBTmki]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Biq18.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\goU85.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5672aa-950f-11db-b814-0013d4cac47f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a40a677b-cb64-11db-b826-0012178c0a60}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a43d109c-d83c-11dc-b8ff-0013d4cac47f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c8a3d0-87dd-11da-b7ae-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd2f4efe-dc42-11dc-b903-0013d4cac47f}]

  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    Posted Image
  • After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#13
gripgrizzly
    Member
  • Topic Starter
  • Member
  • 13 posts
ComboFix 08-06-20.4 - HP_Owner 2008-06-26 17:14:35.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.557 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\PC Image Editor Uninstaller.exe
C:\WINDOWS\superproxy.exe
C:\WINDOWS\system32\3772346621.dat
C:\WINDOWS\system32\adcwfanv.dll
C:\WINDOWS\system32\adssite-remove.exe
c:\windows\system32\drivers\biq18.sys
c:\windows\system32\drivers\gou85.sys
C:\WINDOWS\system32\hqukeiri.dll
C:\WINDOWS\system32\llmcnwxo.dll
C:\WINDOWS\system32\nxaxfvst.dll
C:\WINDOWS\system32\scrrerop.dll
C:\WINDOWS\system32\sp.exe
C:\WINDOWS\Tasks\AA4A561890F9CA88.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Application Data\onlinethirdsetup
C:\Documents and Settings\HP_Owner\Application Data\onlinethirdsetup\0
C:\Documents and Settings\HP_Owner\Application Data\onlinethirdsetup\GplSiteTick.exe
C:\Documents and Settings\HP_Owner\Application Data\onlinethirdsetup\jgnsewdk.exe
C:\Program Files\Symantec
C:\Program Files\Symantec\S32EVNT1.DLL
C:\Program Files\Symantec\SYMEVENT.CAT
C:\Program Files\Symantec\SYMEVENT.INF
C:\Program Files\Symantec\SYMEVENT.SYS
C:\Program Files\Viewpoint
C:\WINDOWS\PC Image Editor Uninstaller.exe
C:\WINDOWS\superproxy.exe
C:\WINDOWS\system32\3772346621.dat
C:\WINDOWS\system32\adcwfanv.dll
C:\WINDOWS\system32\hqukeiri.dll
C:\WINDOWS\system32\llmcnwxo.dll
C:\WINDOWS\system32\nxaxfvst.dll
C:\WINDOWS\system32\scrrerop.dll
C:\WINDOWS\system32\sp.exe
C:\WINDOWS\Tasks\AA4A561890F9CA88.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COMSYSAPPSRSERVICE
-------\Legacy_HTTPFILTER_SERVICE
-------\Legacy_LIVEUPDATESECLOGON
-------\Legacy_MCHINJDRV
-------\Legacy_POLICYAGENTSENS
-------\Legacy_RSVPCISVC
-------\Legacy_SRSERVICESDAUXSERVICE
-------\Service_COMSysAppsrservice
-------\Service_HTTPFilter Service
-------\Service_LiveUpdateseclogon
-------\Service_mchInjDrv
-------\Service_PolicyAgentSENS
-------\Service_RSVPCiSvc
-------\Service_srservicesdAuxService


((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 17:12 . 2008-06-26 17:12 0 --a------ C:\Documents and Settings\HP_Owner\.exe
2008-06-25 03:15 . 2008-06-25 03:15 0 --a------ C:\WINDOWS\system32\1033j.sys
2008-06-24 19:07 . 2008-06-24 19:07 <DIR> d-------- C:\Deckard
2008-06-24 18:29 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-24 18:29 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-24 17:05 . 2008-06-24 17:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-24 16:57 . 2008-06-24 01:11 <DIR> d-------- C:\SDFix
2008-06-23 22:51 . 2008-06-25 11:58 933,205 --ahs---- C:\WINDOWS\system32\accesshm.sys
2008-06-23 22:51 . 2008-06-23 22:51 21,504 --ahs---- C:\WINDOWS\system32\accessh.dll
2008-06-23 22:38 . 2008-06-25 19:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 22:38 . 2008-06-23 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 22:31 . 2008-06-23 22:31 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups
2008-06-23 22:28 . 2008-06-23 22:28 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old
2008-06-23 22:27 . 2008-06-23 22:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old1
2008-06-23 22:26 . 2008-06-23 22:26 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old2
2008-06-23 22:24 . 2008-06-23 22:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old3
2008-06-23 22:24 . 2008-06-23 22:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\backupreg
2008-06-23 22:24 . 2004-08-04 15:00 146,432 --a------ C:\Documents and Settings\HP_Owner\regedit.exe
2008-06-23 22:24 . 2004-08-04 08:00 27,136 --a------ C:\Documents and Settings\HP_Owner\findstr.exe
2008-06-23 22:24 . 2004-08-04 08:00 11,264 --a------ C:\Documents and Settings\HP_Owner\attrib.exe
2008-06-23 22:24 . 2004-08-04 08:00 9,216 --a------ C:\Documents and Settings\HP_Owner\find.exe
2008-06-22 17:56 . 2008-06-22 17:57 <DIR> d-------- C:\Program Files\Panda Security
2008-06-22 08:43 . 2008-06-22 08:43 124 --a------ C:\WINDOWS\system32\explorer.001
2008-06-21 21:17 . 2008-06-22 08:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 21:17 . 2008-06-21 21:17 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-06-21 21:17 . 2008-06-21 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-21 21:17 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-21 21:17 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 00:51 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-17 00:51 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-06-13 17:35 . 2008-06-13 17:36 <DIR> d---s---- C:\Program Files\Xfire
2008-06-13 17:35 . 2008-06-13 17:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Xfire
2008-06-13 08:29 . 2008-06-13 08:29 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-12 22:02 . 2008-06-12 22:02 <DIR> d-------- C:\DirectX9
2008-06-12 20:31 . 2008-06-12 20:31 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-06-11 09:05 . 2008-06-13 17:28 <DIR> d-------- C:\Program Files\THQ
2008-06-10 19:49 . 2008-06-24 18:57 <DIR> d-------- C:\VundoFix Backups
2008-06-08 21:00 . 2008-06-08 21:00 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-02 03:09 . 2008-06-02 03:09 <DIR> d-------- C:\Program Files\DiskInternals
2008-05-28 08:58 . 2008-05-28 08:58 <DIR> d-------- C:\Program Files\free-downloads.net
2008-05-28 08:58 . 2008-05-28 08:58 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-28 08:51 . 2008-05-28 08:51 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-28 08:43 . 2008-05-28 08:44 <DIR> d-------- C:\Program Files\Oront Burning Kit 2
2008-05-28 08:43 . 2008-05-28 08:43 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Obsidium
2008-05-28 07:28 . 2008-05-28 07:28 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Ashampoo
2008-05-28 07:27 . 2008-05-28 07:27 <DIR> d-------- C:\Program Files\Ashampoo
2008-05-28 07:27 . 2008-05-28 07:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 21:10 --------- d-----w C:\Program Files\GetData
2008-06-26 21:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-22 21:48 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-22 01:17 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-20 04:25 --------- d-----w C:\Program Files\Lx_cats
2008-06-20 04:24 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-06-13 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 21:27 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\InstallShield
2008-06-13 00:34 --------- d-----w C:\Program Files\VstPlugins
2008-06-13 00:34 --------- d-----w C:\Program Files\Image-Line
2008-06-11 00:13 --------- d-----w C:\Program Files\PowerISO
2008-06-09 01:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-09 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-03 21:45 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\SwordSearcher 5
2008-06-02 08:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 07:26 --------- d-----w C:\Program Files\Apple Software Update
2008-05-21 07:19 --------- d-----w C:\Program Files\iTunes
2008-05-21 07:19 --------- d-----w C:\Program Files\iPod
2008-05-21 07:16 --------- d-----w C:\Program Files\QuickTime
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-30 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-04-30 03:54 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\ATI MMC
2008-04-28 05:25 --------- d-----w C:\Program Files\4U Computing
2007-12-08 14:44 23,040 ----a-w C:\Program Files\chktrust.exe
2005-12-20 06:38 0 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-03-03 18:27 147,456 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030320080304\index.dat
2008-03-05 13:58 131,072 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat
2008-03-17 03:56 65,536 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat
2008-03-23 06:09 131,072 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031720080318\index.dat
2008-03-23 06:09 131,072 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031820080319\index.dat
2008-03-23 06:09 81,920 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031920080320\index.dat
2008-03-23 06:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032120080322\index.dat
2008-03-23 06:09 196,608 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032220080323\index.dat
2008-03-23 06:09 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032320080324\index.dat
.

------- Sigcheck -------

2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 08:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 15:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-25_19.39.14.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 23:30:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 21:19:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cad25fd-3dbd-43c9-cfe1-dddde5cdf453}]
C:\WINDOWS\system32\nsu2954.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 03:06 68856]
"Aim6"="" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 03:20 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-29 09:07 6731312]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-07-06 17:16 2972672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 16:08 67160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 12:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.UYVY"= C:\WINDOWS\system32\msyuv.dll
"vidc.yv12"= ATIYUV12.DLL
"VIDC.YU12"= ATIYUV12.DLL
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 08:00]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 10:22]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 10:22]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 10:22]
R3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2007-12-28 15:54]
R3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2007-12-28 15:54]
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RO\npkycryp.sys []
S3 SoundMovieServer;SoundMovieServer;"C:\WINDOWS\system32\snmvtsvc.exe" [2007-12-28 16:32]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 05:51]

*Newly Created Service* - MCHINJDRV
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 07:10:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 17:20:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc23.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServerwinmgmt]
"ImagePath"="ð%€|x\01\09 srv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-26 17:28:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 21:28:08
ComboFix2.txt 2008-06-25 23:39:28

Pre-Run: 70,406,602,752 bytes free
Post-Run: 70,400,118,784 bytes free

271 --- E O F --- 2008-06-25 07:06:16
=====================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:55 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://products.webr...p...5E^sbuv`iof
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: adssite - {0cad25fd-3dbd-43c9-cfe1-dddde5cdf453} - C:\WINDOWS\system32\nsu2954.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Default user')
O4 - Startup: Shortcut (2) to verizon.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\DRM Converter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\DRM Converter\YouTubeRipper.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1202103426000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Advanced Micro Devices - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Windows Installer MSIServerwinmgmt (MSIServerwinmgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

--
End of file - 12393 bytes
  • 0
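Added example for this thread (my own code, not part of HijackThis, Trend Micro or any post above): a small triage script that reads HijackThis 2.0-style log lines such as the ones in the log just posted and flags the entry types a reviewer usually looks at first. The three heuristics are my own, not HijackThis's built-in scoring: an R0/R1 start or search page pointing outside a small allowlist, an O2 BHO whose DLL is reported "(file missing)", and an O23 service with no vendor/owner or whose path is a directory or "(no file)" rather than an executable. The allowlist of URL prefixes and the sample log lines are constructed assumptions (the "..." inside URLs is the forum's own truncation and is kept as-is).

```python
"""Triage HijackThis 2.0-style log lines and flag entries worth a closer look.

Added example (my own code, not part of HijackThis or of this thread). The
heuristics are deliberately narrow:
  * R0/R1 - IE start/search page set to a URL outside a small allowlist
  * O2    - Browser Helper Object whose DLL is reported "(file missing)"
  * O23   - service with no vendor/owner, or whose path is not an executable
"""
import re
from typing import List, NamedTuple, Optional

# Constructed sample in HijackThis log format (same shapes as the log posted
# above; the "..." in URLs is the forum's truncation and is kept as-is).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O2 - BHO: adssite - {0cad25fd-3dbd-43c9-cfe1-dddde5cdf453} - C:\WINDOWS\system32\nsu2954.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Windows Installer MSIServerwinmgmt (MSIServerwinmgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumption: an allowlist the reviewer maintains. These prefixes match the
# stock IE 7 defaults visible in the posted log; anything else gets flagged.
KNOWN_GOOD_URL_PREFIXES = ("http://go.microsoft.", "http://www.microsoft.")


class Finding(NamedTuple):
    line_no: int   # 1-based line within the log text
    section: str   # HijackThis section code, e.g. "O23"
    reason: str
    line: str


_RE_R = re.compile(r"^(?P<section>R[01]) - (?P<key>.+?),(?P<value>[^=]+?) = (?P<url>.*)$")
_RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
# Vendor is optional: HijackThis prints "name - - path" when it is empty.
_RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) -(?: (?P<vendor>.*?))? - (?P<path>.+)$")


def _check_r(m: "re.Match", line_no: int, line: str) -> Optional[Finding]:
    url = m.group("url").strip()
    if url.startswith(KNOWN_GOOD_URL_PREFIXES):
        return None
    return Finding(line_no, m.group("section"),
                   f"{m.group('value')} points at an unexpected URL: {url}", line)


def _check_o2(m: "re.Match", line_no: int, line: str) -> Optional[Finding]:
    path = m.group("path").strip()
    if path.endswith("(file missing)"):
        return Finding(line_no, "O2",
                       f"BHO '{m.group('name')}' is registered but its DLL is missing", line)
    return None


def _check_o23(m: "re.Match", line_no: int, line: str) -> Optional[Finding]:
    vendor = (m.group("vendor") or "").strip()
    path = m.group("path").strip()
    reasons = []
    if not vendor or vendor.lower() == "unknown owner":
        reasons.append("no vendor/owner recorded")
    if path.endswith("\\") or path.lower().endswith("(no file)"):
        reasons.append("ImagePath is a directory or a missing file, not an executable")
    if not reasons:
        return None
    return Finding(line_no, "O23", f"service '{m.group('name')}': " + "; ".join(reasons), line)


CHECKS = ((_RE_R, _check_r), (_RE_O2, _check_o2), (_RE_O23, _check_o23))


def triage(log_text: str) -> List[Finding]:
    """Return one Finding for every log line that trips a heuristic, in log order."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        for regex, check in CHECKS:
            match = regex.match(line)
            if match is None:
                continue
            finding = check(match, line_no, line)
            if finding is not None:
                findings.append(finding)
            break  # each line belongs to exactly one section
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3} [{f.section}] {f.reason}")
```

Run against the sample it flags four lines: the redirected start page, the orphaned adssite BHO, the lxcg_device service with an empty vendor, and the MSIServerwinmgmt service with an unknown owner and a bare directory as its path. A flag is a prompt to look, not a verdict: a legitimate driver vendor that simply omits version info will also trip the O23 rule, so the output is meant to be read by a person, as the helper does in this thread.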

#14
sage5
    RIP 10/2009
  • Retired Staff
  • 2,646 posts
Hi gripgrizzly,

These 2 didn't go, possibly because I made a typo in the instructions. :)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc23.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServerwinmgmt]
"ImagePath"="ð%€|x\01\09 srv"


Please download the following & save to your Desktop:
ATF Cleaner by Atribune.

Clean out cookies, temp files etc:
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O2 - BHO: adssite - {0cad25fd-3dbd-43c9-cfe1-dddde5cdf453} - C:\WINDOWS\system32\nsu2954.dll (file missing)
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.

Please do 1 more run with Combofix to see if they go this time:

Create a new ComboFix Script:
  • Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\explorer.001
C:\WINDOWS\TEMP\mc23.tmp
C:\WINDOWS\system32\accesshm.sys
C:\WINDOWS\system32\accessh.dll

Driver::
mchInjDrv
MSIServerwinmgmt

  • Delete any existing CFScript.txt files from your Desktop & Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


Reboot back into Windows and run Panda ActiveScan:
Open Internet Explorer and paste the following into the address bar http://www.pandasoftware.com/products/activescan.htm
  • Once you are on the Panda site click the Scan your PC button.
  • Enter your Country, State/Province & email address
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Perhaps as C:\panda log.txt
Please note where this log is saved, I will need you to post the contents, along with the others mentioned, with a fresh HijackThis log later.

Please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
  • C:\panda log.txt

Cheers,

sage5
  • 0
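The two stubborn entries sage5 quotes in the post above share a pattern that is worth checking for mechanically: a kernel driver (mchInjDrv) whose ImagePath points at a file under C:\WINDOWS\TEMP with a .tmp extension, and a service (MSIServerwinmgmt) whose name is stitched together from the legitimate MSIServer and winmgmt and whose ImagePath is not a file path at all. The Python below is an added example, not code from the thread or from ComboFix: it parses a REGEDIT4-style export laid out the way ComboFix prints it (single backslashes, as quoted above, rather than regedit's doubled ones) and applies those checks to every service key it finds. The sample export is constructed from the lines quoted in the thread plus a benign MSIServer control entry; the reason codes and the short list of well-known service names used for the look-alike check are assumptions made for the example.

```python
"""Triage Windows service ImagePath values from a REGEDIT4-style export.

Added example, not part of the thread: flags a driver whose image sits under a
TEMP directory and a service whose ImagePath is not a file path, from the
export text alone, so it can be run against a ComboFix or regedit dump offline.
"""
import re
from typing import Dict, List

# Constructed sample in the layout ComboFix prints (single backslashes, as
# quoted in the thread): the two entries called out above plus a benign
# MSIServer control entry for comparison.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc23.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServerwinmgmt]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="C:\WINDOWS\system32\msiexec.exe /V"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Shapes a genuine ImagePath takes: drive letter, SystemRoot prefixes, UNC.
PATH_RE = re.compile(r"^([A-Za-z]:\\|\\SystemRoot\\|%SystemRoot%\\|system32\\|\\\\)", re.I)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
# Assumed list of well-known service names that malware borrows pieces of.
KNOWN = {"msiserver", "winmgmt", "wuauserv", "rpcss", "lanmanserver",
         "lanmanworkstation", "schedule", "eventlog", "spooler"}


def parse_services(export: str) -> Dict[str, str]:
    """Map service name -> ImagePath for each ...\Services\<name> key with a string ImagePath."""
    services: Dict[str, str] = {}
    current = None
    for raw in export.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            parts = key.group(1).split("\\")
            # Only keys directly under a Services branch define a service.
            current = parts[-1] if len(parts) > 1 and parts[-2].lower() == "services" else None
            continue
        val = VALUE_RE.match(line)
        if current and val and val.group(1).lower() == "imagepath":
            services[current] = val.group(2)
    return services


def image_file(path: str) -> str:
    """Strip the NT object prefix and trailing arguments, leaving the image file."""
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.startswith('"'):
        end = path.find('"', 1)
        return path[1:end] if end > 0 else path[1:]
    tokens = path.split()
    return tokens[0] if tokens else path


def triage_service(name: str, path: str) -> List[str]:
    """Return reason codes for one service; an empty list means nothing stood out."""
    reasons: List[str] = []
    image = image_file(path)
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in path):
        reasons.append("non-printable")      # bytes no real path contains
    if not PATH_RE.match(image):
        reasons.append("not-a-path")         # ImagePath does not name a file
    if TEMP_RE.search(image):
        reasons.append("temp-dir")           # image lives under a TEMP folder
    if image.lower().endswith(".tmp"):
        reasons.append("tmp-extension")      # executable image named *.tmp
    lname = name.lower()
    if lname not in KNOWN and any(k in lname for k in KNOWN):
        reasons.append("lookalike-name")     # built from well-known service names
    return reasons


def triage(export: str) -> Dict[str, List[str]]:
    """Run the checks over a whole export; only services with findings are returned."""
    findings: Dict[str, List[str]] = {}
    for name, path in parse_services(export).items():
        reasons = triage_service(name, path)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for svc, why in triage(SAMPLE_EXPORT).items():
        print(f"{svc}: {', '.join(why)}")
```

The output is reason codes rather than verdicts on purpose: a vendor installer that legitimately stages a driver from TEMP would trip the temp-dir check too, so anything the script returns still needs the kind of look sage5 gives the entries above before it goes into a CFScript.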

#15
gripgrizzly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 08-06-20.4 - HP_Owner 2008-06-27 1:14:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.565 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\accessh.dll
C:\WINDOWS\system32\accesshm.sys
C:\WINDOWS\system32\explorer.001
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\TEMP\mc23.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\accessh.dll
C:\WINDOWS\system32\accesshm.sys
C:\WINDOWS\system32\explorer.001
C:\WINDOWS\system32\lxcgcoms.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Legacy_MSISERVERWINMGMT
-------\Service_mchInjDrv
-------\Service_MSIServerwinmgmt


((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-26 17:12 . 2008-06-26 17:12 0 --a------ C:\Documents and Settings\HP_Owner\.exe
2008-06-25 03:15 . 2008-06-25 03:15 0 --a------ C:\WINDOWS\system32\1033j.sys
2008-06-24 19:07 . 2008-06-24 19:07 <DIR> d-------- C:\Deckard
2008-06-24 18:29 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-24 18:29 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-24 17:05 . 2008-06-24 17:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-24 16:57 . 2008-06-24 01:11 <DIR> d-------- C:\SDFix
2008-06-23 22:38 . 2008-06-27 00:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-23 22:38 . 2008-06-23 22:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-23 22:31 . 2008-06-23 22:31 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups
2008-06-23 22:28 . 2008-06-23 22:28 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old
2008-06-23 22:27 . 2008-06-23 22:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old1
2008-06-23 22:26 . 2008-06-23 22:26 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old2
2008-06-23 22:24 . 2008-06-23 22:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\backups_old3
2008-06-23 22:24 . 2008-06-23 22:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\backupreg
2008-06-23 22:24 . 2004-08-04 15:00 146,432 --a------ C:\Documents and Settings\HP_Owner\regedit.exe
2008-06-23 22:24 . 2004-08-04 08:00 27,136 --a------ C:\Documents and Settings\HP_Owner\findstr.exe
2008-06-23 22:24 . 2004-08-04 08:00 11,264 --a------ C:\Documents and Settings\HP_Owner\attrib.exe
2008-06-23 22:24 . 2004-08-04 08:00 9,216 --a------ C:\Documents and Settings\HP_Owner\find.exe
2008-06-22 17:56 . 2008-06-22 17:57 <DIR> d-------- C:\Program Files\Panda Security
2008-06-21 21:17 . 2008-06-22 08:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-21 21:17 . 2008-06-21 21:17 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-06-21 21:17 . 2008-06-21 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-21 21:17 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-21 21:17 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 00:51 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-17 00:51 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-06-13 17:35 . 2008-06-13 17:36 <DIR> d---s---- C:\Program Files\Xfire
2008-06-13 17:35 . 2008-06-13 17:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Xfire
2008-06-13 08:29 . 2008-06-13 08:29 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-12 22:02 . 2008-06-12 22:02 <DIR> d-------- C:\DirectX9
2008-06-12 20:31 . 2008-06-12 20:31 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-06-11 09:05 . 2008-06-13 17:28 <DIR> d-------- C:\Program Files\THQ
2008-06-10 19:49 . 2008-06-24 18:57 <DIR> d-------- C:\VundoFix Backups
2008-06-08 21:00 . 2008-06-08 21:00 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-02 03:09 . 2008-06-02 03:09 <DIR> d-------- C:\Program Files\DiskInternals
2008-05-28 08:58 . 2008-05-28 08:58 <DIR> d-------- C:\Program Files\free-downloads.net
2008-05-28 08:58 . 2008-05-28 08:58 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-28 08:51 . 2008-05-28 08:51 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-28 08:43 . 2008-05-28 08:44 <DIR> d-------- C:\Program Files\Oront Burning Kit 2
2008-05-28 08:43 . 2008-05-28 08:43 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Obsidium
2008-05-28 07:28 . 2008-05-28 07:28 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Ashampoo
2008-05-28 07:27 . 2008-05-28 07:27 <DIR> d-------- C:\Program Files\Ashampoo
2008-05-28 07:27 . 2008-05-28 07:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 21:10 --------- d-----w C:\Program Files\GetData
2008-06-26 21:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-22 21:48 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-22 01:17 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-20 04:25 --------- d-----w C:\Program Files\Lx_cats
2008-06-20 04:24 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-06-13 21:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 21:27 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\InstallShield
2008-06-13 00:34 --------- d-----w C:\Program Files\VstPlugins
2008-06-13 00:34 --------- d-----w C:\Program Files\Image-Line
2008-06-11 00:13 --------- d-----w C:\Program Files\PowerISO
2008-06-09 01:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-09 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-03 21:45 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\SwordSearcher 5
2008-06-02 08:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 07:26 --------- d-----w C:\Program Files\Apple Software Update
2008-05-21 07:19 --------- d-----w C:\Program Files\iTunes
2008-05-21 07:19 --------- d-----w C:\Program Files\iPod
2008-05-21 07:16 --------- d-----w C:\Program Files\QuickTime
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-30 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-04-30 03:54 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\ATI MMC
2008-04-28 05:25 --------- d-----w C:\Program Files\4U Computing
2007-12-08 14:44 23,040 ----a-w C:\Program Files\chktrust.exe
2005-12-20 06:38 0 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-03-03 18:27 147,456 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030320080304\index.dat
2008-03-05 13:58 131,072 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat
2008-03-17 03:56 65,536 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat
2008-03-23 06:09 131,072 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031720080318\index.dat
2008-03-23 06:09 131,072 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031820080319\index.dat
2008-03-23 06:09 81,920 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031920080320\index.dat
2008-03-23 06:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032120080322\index.dat
2008-03-23 06:09 196,608 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032220080323\index.dat
2008-03-23 06:09 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008032320080324\index.dat
.

------- Sigcheck -------

2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 08:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 15:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-25_19.39.14.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 23:30:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-27 05:19:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 03:06 68856]
"Aim6"="" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 03:20 222080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-29 09:07 6731312]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-07-06 17:16 2972672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 16:08 67160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 12:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.UYVY"= C:\WINDOWS\system32\msyuv.dll
"vidc.yv12"= ATIYUV12.DLL
"VIDC.YU12"= ATIYUV12.DLL
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 08:00]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 10:22]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 10:22]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 10:22]
R3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2007-12-28 15:54]
R3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2007-12-28 15:54]
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RO\npkycryp.sys []
S3 SoundMovieServer;SoundMovieServer;"C:\WINDOWS\system32\snmvtsvc.exe" [2007-12-28 16:32]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2004-10-09 05:51]

*Newly Created Service* - MCHINJDRV
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 07:10:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 01:20:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc23.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-27 1:28:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 05:27:50
ComboFix2.txt 2008-06-26 21:28:12
ComboFix3.txt 2008-06-25 23:39:28

Pre-Run: 70,376,239,104 bytes free
Post-Run: 70,350,974,976 bytes free

233 --- E O F --- 2008-06-25 07:06:16
==============================================================================================

;**********************************************************************************************
ANALYSIS: 2008-06-29 21:12:01
PROTECTIONS: 0
MALWARE: 91
SUSPECTS: 0
;**********************************************************************************************
PROTECTIONS
Description Version Active Updated
;==============================================================================================
;==============================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;==============================================================================================
00035917 adware/ist.sidefind Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind
00042191 adware/ist.yoursitebar Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\yoursitebar
00047993 adware/powerscan Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\power scan
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\HP_Owner\Desktop\New Folder (4)\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP49\A0051988.exe
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0027516.exe[²ƒÇ]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\HP_Owner\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.xiti.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.azjmp.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.toplist.cz/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[www.burstbeacon.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[server.iad.liveperson.net/hc/2500496]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[server.iad.liveperson.net/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.realmedia.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.bravenet.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adultfriendfinder.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.target.com/]
00259819 Application/Ardamax HackTools No 0 Yes No C:\Documents and Settings\HP_Owner\Desktop\iphone tools\Recover My Files 3.98 Build 5178 + serial\RecoverMyFiles.exe
00259819 Application/Ardamax HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP53\A0053843.exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt
00292419 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP19\A0005968.exe
00292419 Adware/TrustIn Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP19\A0005967.exe
00519333 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0027516.exe
00524993 Trj/Downloader.ODN Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP19\A0005969.dll
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP52\A0053727.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP56\A0053993.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP55\A0053929.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0027513.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0027513.exe[327882R2FWJFW\nircmd.cfexe]
01343147 Application/MyWay HackTools No 0 Yes No C:\hp\bin\wbug\HPSummer2005.exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\ditx6kaw.default\cookies.txt[.adserver.easyad.info/]
01692556 Application/ScanSpyware HackTools No 0 Yes No C:\Program Files\ScanSpyware v3.8\baBackupRestore.dll
01692557 Application/ScanSpyware HackTools No 0 Yes No C:\Program Files\ScanSpyware v3.8\Scanner.exe
02812218 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014307.dll
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP56\A0053982.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP55\A0053918.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP52\A0053712.sys
02887798 Rootkit/Agent.HML Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP28\A0016800.sys
02887798 Rootkit/Agent.HML Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018203.sys
02887798 Rootkit/Agent.HML Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020566.sys
02888356 Adware/Lop Adware No 0 Yes No C:\QooBox\Quarantine\C\Documents and Settings\HP_Owner\Application Data\onlinethirdsetup\jgnsewdk.exe.vir
02888356 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP55\A0053899.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\WINDOWS\system32\drivers\govno.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020513.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020501.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP34\A0020600.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018129.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018128.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP31\A0017162.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP31\A0017161.exe
02895534 Bck/Lanman.CA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020514.exe
02900272 Trj/Agent.IAB Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP28\A0016854.dll
02900272 Trj/Agent.IAB Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0011265.dll
02900272 Trj/Agent.IAB Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0013271.dll
02900272 Trj/Agent.IAB Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014281.dll
02901473 W32/Sohanat.ES.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014367.dll
02901473 W32/Sohanat.ES.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014330.dll
02901644 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0015786.sys
02901644 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0014927.sys
02901644 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014334.sys
02901644 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0015765.sys
02901644 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014371.sys
02901644 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP27\A0016789.sys
02901644 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014384.sys
02902370 Trj/BedeTres.M Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP27\A0016782.dll
02902370 Trj/BedeTres.M Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0015782.dll
02902370 Trj/BedeTres.M Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0015761.dll
02902370 Trj/BedeTres.M Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0014761.dll
02902370 Trj/BedeTres.M Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014380.dll
02904747 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0017132.dll
02904747 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014342.dll
02904747 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0017044.dll
02904747 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0022075.dll
02904747 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0015834.dll
02905994 Adware/BHO Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP26\A0015833.dll
02905994 Adware/BHO Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0017065.dll
02905994 Adware/BHO Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP25\A0014341.dll
02905994 Adware/BHO Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0017043.dll
02905994 Adware/BHO Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018065.dll
02906853 Trj/Downloader.SZH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018061.dll
02906853 Trj/Downloader.SZH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0018339.dll
02906853 Trj/Downloader.SZH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0017061.dll
02906853 Trj/Downloader.SZH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0019339.dll
02906853 Trj/Downloader.SZH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP28\A0016853.dll
02908947 Trj/BedeTres.O Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020420.dll
02908947 Trj/BedeTres.O Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0019420.dll
02908947 Trj/BedeTres.O Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020503.dll
02910199 Trj/BedeTres.P Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0019424.sys
02910199 Trj/BedeTres.P Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0019343.sys
02910199 Trj/BedeTres.P Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020424.sys
02912106 Rootkit/Agent.IMS HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP28\A0016858.sys
02912106 Rootkit/Agent.IMS HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0017058.sys
02912106 Rootkit/Agent.IMS HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP32\A0018066.sys
02912106 Rootkit/Agent.IMS HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0017066.sys
02912106 Rootkit/Agent.IMS HackTools No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0018371.sys
02913348 Trj/Downloader.TID Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0022771.dll
02913348 Trj/Downloader.TID Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0021771.dll
02917485 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP33\A0020512.exe
02917485 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\sp.exe.vir
02917485 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\superproxy.exe.vir
02917485 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP55\A0053905.exe
02917485 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP55\A0053911.exe
02917491 Trj/BedeTres.R Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0022920.dll
02917491 Trj/BedeTres.R Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0023366.dll
02917491 Trj/BedeTres.R Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0026438.dll
02937560 Trj/Downloader.TOU Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0023365.dll
02937560 Trj/Downloader.TOU Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0024323.dll
02950815 Adware/GoodSearchNow Adware No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0023370.sys
02968342 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0023371.sys
02983811 Adware/BHO Adware No 0 Yes No C:\VundoFix Backups\nsu2954.dll.bad
02983811 Adware/BHO Adware No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP48\A0051429.dll
02993971 Trj/Agent.IVT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0025323.dll
02993971 Trj/Agent.IVT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP38\A0025397.dll
02993972 Trj/Agent.IVT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0024327.sys
02993972 Trj/Agent.IVT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP38\A0026420.sys
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\Documents and Settings\HP_Owner\Desktop\New Folder (4)\SDFix\backups\catchme.zip[WinNt32.dll]
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0029435.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0026435.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0029451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP48\A0051446.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0030451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\catchme2008-06-25_192840.21.zip[WinNt32.dll]
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0028435.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0031451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP48\A0049959.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0032451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP48\A0048959.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0033451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP48\A0048509.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0034451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP48\A0048494.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0035451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP48\A0048482.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0036451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP48\A0048474.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0037451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP48\A0048440.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0038451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP47\A0048289.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0039451.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP47\A0047289.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0039462.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP46\A0046289.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP43\A0045289.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP39\A0040462.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP43\A0045277.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP42\A0045229.dll
02995620 Trj/Agent.IWE Virus/Trojan No 0 Yes No