Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possibly Vundo (but not sure) - I've posted my HJT Log [CLOSED] [R


  • This topic is locked This topic is locked

#1
shippouchan

shippouchan

    Member

  • Member
  • PipPip
  • 21 posts
Hey there,

My computer suddenly started having popups last night, (again, I might add), and I thought it might be Outerinfo type stuff, since it's happened to my computer before. But on further analysis, it looks like it might be the Vundo trojan, although I'm not sure.

Basically what's happened is:

- LOTS of IE pop ups
- background replaced with an ad telling me that i need to update my virus scanners
- unable to use firefox, ie, opera, etc. or any other browser to access the internet (i'm using a laptop computer to access the net and post this)
- slowed computer
- mcafee keeps having little popups in the lower right hand corner of the screen, saying that my computer is vulnerable to attack/ under attack/ etc.
- windows ' automatic update was disabled
- and just now, my entire screen has been blanked out and my computer is currently frozen

Things I have done:

- ran VundoFix.exe (didn't find Vundo)
- ran VirtumundoBeGone.exe (also did not find Vundo)

I ran HiJack This as "scanning.exe" and came up with the attached logfile. Could someone look at it and tell me what it is that is plaguing my computer and how I can fix it?? Thanks so much.




---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:24 AM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\444.470
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\portsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\jownw64j.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\qcntpkdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\YSTEM3~1\rundll.exe
C:\PROGRA~1\COMMON~1\omuw\omuwm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\omuw\omuwa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Application Data\??crosoft.NET\j?vaw.exe
C:\Documents and Settings\Owner\My Documents\HJT\Scanning.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/homepage2/links.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: gooochi browser optimizer - {06ef34fa-c415-d161-a387-8ddcad1dc4eb} - C:\WINDOWS\system32\dpzzjbtqctxxm.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {8F67B84A-05FC-2A56-FF38-0BA2ECE94890} - C:\WINDOWS\system32\ermbvv.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: {61680c7f-0b7e-5c9b-6744-f1c6f177ba3d} - {d3ab771f-6c1f-4476-b9c5-e7b0f7c08616} - C:\WINDOWS\system32\djiwyg.dll
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {FEA608D6-4D32-45B0-9BE3-53A1617CBAF2} - C:\WINDOWS\system32\ddcYrPHA.dll
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [{CD-DD-DC-C1-DW}] C:\windows\system32\jownw64j.exe DWram02FF
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [{bca9887c-d68a-b6f9-f7eb-a55adcefdbe6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dpzzjbtqctxxm.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qcntpkdm.exe DWram02FF
O4 - HKLM\..\Run: [906cdd6e] rundll32.exe "C:\WINDOWS\system32\wguvjyii.dll",b
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [BM935feef2] Rundll32.exe "C:\WINDOWS\system32\botunlcr.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\YSTEM3~1\rundll.exe" -vt yazb
O4 - HKCU\..\Run: [omuw] C:\PROGRA~1\COMMON~1\omuw\omuwm.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntpkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jownw64j.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.usmd.edu/...er/tdserver.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41649A90-B484-11D1-8D75-00C04FC24EE6} (WebEQ Browser Controls) - http://phga.pearsonc...ebEQInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.log...1/bin/imvid.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 14864 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
shippouchan

shippouchan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks, it's looking a lot cleaner, and the background has no longer been totally taken over by some rogue thing. However, my firefox is still not working... should I redownload?

Also, I am still getting ie popups. Such as "Malware Protector 2008 scanner...." and another one that, if I right click, shows "Block this popup, Blanket 'ad.oinadserver.com" as options...

Anyway, here's my Report from SDFix:


SDFix: Version 1.205
Run by Owner on Sun 07/13/2008 at 10:57 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
clbdriver
cmdService
MsSecurity1.209.4
Network Monitor

Path :
\??\globalroot\systemroot\system32\drivers\clbdriver.sys
C:\WINDOWS\IA\command.exe
C:\WINDOWS\444.470 service
C:\Program Files\Network Monitor\netmon.exe service

clbdriver - Deleted
cmdService - Deleted
MsSecurity1.209.4 - Deleted
Network Monitor - Deleted

Killing PID 2212 'uoyzsydz.exe'


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\IA\asappsrv.dll - Deleted
C:\WINDOWS\IA\command.exe - Deleted
C:\WINDOWS\IA\KE.vbs - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe - Deleted
C:\WINDOWS\x.exe - Deleted
C:\WINDOWS\y.exe - Deleted
C:\WINDOWS\b103.exe - Deleted
C:\WINDOWS\b104.exe - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
C:\WINDOWS\mrofinu572.exe - Deleted
C:\WINDOWS\mrofinu572.exe.tmp - Deleted
C:\Program Files\Network Monitor\netmon.exe - Deleted
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Deewoo.lnk - Deleted
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\DW_Start.lnk - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\removalfile.bat - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\yazzsnet.exe - Deleted
C:\WINDOWS\accesss.exe - Deleted
C:\WINDOWS\astctl32.ocx - Deleted
C:\WINDOWS\avpcc.dll - Deleted
C:\WINDOWS\clrssn.exe - Deleted
C:\WINDOWS\cpan.dll - Deleted
C:\WINDOWS\ctfmon32.exe - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explore.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\iedll.exe - Deleted
C:\WINDOWS\iexplorer.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\loader.exe - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mssys.exe - Deleted
C:\WINDOWS\msupdate.exe - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\mtwirl32.dll - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\notepad32.exe - Deleted
C:\WINDOWS\olehelp.exe - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\systeem.exe - Deleted
C:\WINDOWS\systemcritical.exe - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\rwwnw64d.exe - Deleted
C:\WINDOWS\system32\uoyzsydz.exe - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted
C:\WINDOWS\users32.exe - Deleted
C:\WINDOWS\waol.exe - Deleted
C:\WINDOWS\win32e.exe - Deleted
C:\WINDOWS\win64.exe - Deleted
C:\WINDOWS\winajbm.dll - Deleted
C:\WINDOWS\window.exe - Deleted
C:\WINDOWS\winmgnt.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\xxxvideo.hta - Deleted


Could Not Remove C:\WINDOWS\system32\drivers\core.cache.dsk

Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed


Removing Temp Files

ADS Check :



Final Check :


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"="C:\\Program Files\\WS_FTP\\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Documents and Settings\\Owner\\Desktop\\tmps\\PDMan%5FClient13.exe"="C:\\Documents and Settings\\Owner\\Desktop\\tmps\\PDMan%5FClient13.exe:*:Enabled:PDMan%5FClient13"
"C:\\WINDOWS\\system32\\fscagent.exe"="C:\\WINDOWS\\system32\\fscagent.exe:*:Enabled:???? ???? ??"
"C:\\WINDOWS\\system32\\clubbox.exe"="C:\\WINDOWS\\system32\\clubbox.exe:*:Enabled:ªú'1U«§ ’ŽAIA¬U ø,rAU"
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

C:\WINDOWS\system32\drivers\core.cache.dsk Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 25 Aug 2003 196 A.SHR --- "C:\BOOT.BAK"
Tue 15 Jan 2002 33,791 A..H. --- "C:\WINDOWS\Removejoy.exe"
Fri 11 Jul 2008 68,608 ..SHR --- "C:\Program Files\?ystem32\rundll.exe"
Mon 6 Sep 2004 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Thu 25 Sep 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 14 Oct 2005 27,648 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0001.tmp"
Tue 18 Oct 2005 28,160 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0003.tmp"
Wed 15 Mar 2006 53,760 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0004.tmp"
Mon 27 Feb 2006 54,272 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0240.tmp"
Tue 18 Oct 2005 29,184 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0347.tmp"
Wed 15 Mar 2006 53,760 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0458.tmp"
Tue 18 Oct 2005 28,672 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1990.tmp"
Tue 18 Oct 2005 151,552 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL2918.tmp"
Tue 18 Oct 2005 152,064 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL2968.tmp"
Tue 28 Feb 2006 57,344 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL3392.tmp"
Thu 29 May 2008 230,400 ..SHR --- "C:\Program Files\Common Files\a?sembly\c?rss.exe"
Fri 9 Dec 2005 667,984 ...H. --- "C:\Program Files\iolo\Search and Recover 3\unins000.exe"
Tue 29 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 22 Aug 2007 19,968 A..H. --- "C:\Documents and Settings\Owner\My Documents\Resume\~WRL0003.tmp"
Fri 1 Jun 2007 20,480 A..H. --- "C:\Documents and Settings\Owner\My Documents\Resume\~WRL2758.tmp"
Fri 1 Jun 2007 19,968 A..H. --- "C:\Documents and Settings\Owner\My Documents\Resume\~WRL3398.tmp"
Tue 26 Aug 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Thu 10 Apr 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"
Thu 10 Apr 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"
Tue 26 Aug 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT7.tmp"
Tue 15 Apr 2008 189,979 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d83a149466e9e9026bf79391fc798280\BIT2A.tmp"
Tue 16 Aug 2005 444 ...HR --- "C:\Documents and Settings\Owner\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!
  • 0

#4
shippouchan

shippouchan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here's my DSS main file:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-14 09:31:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-07-14 13:31:48 UTC - RP45 - Deckard's System Scanner Restore Point
44: 2008-07-13 04:59:46 UTC - RP44 - Installed STOPzilla!. Available with Windows Installer version 1.2 and later.
43: 2008-07-12 02:54:55 UTC - RP43 - Last known good configuration
42: 2008-07-12 02:54:38 UTC - RP42 - System Checkpoint
41: 2008-07-12 02:54:38 UTC - RP41 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-12 02:53:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 7.67 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:00 AM, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\portsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\qcntpkdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\YSTEM3~1\rundll.exe
C:\PROGRA~1\COMMON~1\omuw\omuwm.exe
C:\Program Files\Common Files\a?sembly\c?rss.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\jownw64j.exe
C:\PROGRA~1\COMMON~1\omuw\omuwa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\MYDOCU~1\HJT\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/homepage2/links.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: gooochi browser optimizer - {06ef34fa-c415-d161-a387-8ddcad1dc4eb} - C:\WINDOWS\system32\dpzzjbtqctxxm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C8C6BE10-AFEE-42F1-94BC-7EEF5DFCCBB5} - C:\WINDOWS\system32\ddcYrPHA.dll
O2 - BHO: {61680c7f-0b7e-5c9b-6744-f1c6f177ba3d} - {d3ab771f-6c1f-4476-b9c5-e7b0f7c08616} - C:\WINDOWS\system32\djiwyg.dll
O2 - BHO: (no name) - {DD37EF40-50AB-7B50-FB38-0BA2ECE94F95} - C:\WINDOWS\system32\owznmgre.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [{CD-DD-DC-C1-DW}] c:\windows\system32\jownw64j.exe DWram02FF
O4 - HKLM\..\Run: [906cdd6e] rundll32.exe "C:\WINDOWS\system32\wguvjyii.dll",b
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [{bca9887c-d68a-b6f9-f7eb-a55adcefdbe6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dpzzjbtqctxxm.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qcntpkdm.exe DWram02FF
O4 - HKLM\..\Run: [BM935feef2] Rundll32.exe "C:\WINDOWS\system32\yrycryyt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\YSTEM3~1\rundll.exe" -vt yazb
O4 - HKCU\..\Run: [omuw] C:\PROGRA~1\COMMON~1\omuw\omuwm.exe
O4 - HKCU\..\Run: [Ztlbqu] "C:\Program Files\Common Files\a?sembly\c?rss.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntpkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jownw64j.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.usmd.edu/...er/tdserver.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41649A90-B484-11D1-8D75-00C04FC24EE6} (WebEQ Browser Controls) - http://phga.pearsonc...ebEQInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.log...1/bin/imvid.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 12212 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 ati1ttxxx - c:\windows\system32\drivers\ati1ttxxx.sys
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R1 NPPTNT - c:\windows\system32\npptnt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 STEC3 - c:\windows\system32\stec3.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 RTL8187B (TRENDnet TEW-424UB 54M USB Dongle) - c:\windows\system32\drivers\rtl8187b.sys <Not Verified; Realtek Semiconductor Corporation; Realtek RTL8187B Wireless USB 2.0 Adapter>
R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys (file missing)
S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 RT73 (RT73 USB Wireless LAN Card Driver) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 PlugPlayRPC (Plug and Play (RPC)) - c:\windows\portsv.exe service
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S2 szserver (STOPzilla Service) - c:\program files\common files\stopzilla!\szserver.exe <Not Verified; ; SZServer Application>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2944BDE01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2944BDE01800
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-07-07 19:42:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2003-08-25 20:36:56 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-13 17:39:50 49214 --a------ C:\WINDOWS\system32\rwwnw64d.exe <Not Verified; ; Browser Driver>
2008-07-13 10:42:02 0 d-------- C:\WINDOWS\ERUNT
2008-07-13 10:17:48 90928 --a------ C:\WINDOWS\system32\yrycryyt.dll
2008-07-13 10:17:17 0 d-------- C:\Program Files\Common Files\a?sembly
2008-07-13 10:17:08 60928 --a------ C:\WINDOWS\system32\owznmgre.dll
2008-07-13 01:43:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 01:06:16 1723 --a------ C:\WINDOWS\system32\clbinit.dll
2008-07-13 00:57:25 0 d-------- C:\WINDOWS\system32\5445
2008-07-13 00:57:23 55808 --a------ C:\WINDOWS\portsv.exe
2008-07-13 00:53:57 105248 --a------ C:\WINDOWS\system32\djiwyg.dll
2008-07-13 00:53:56 105248 --a------ C:\WINDOWS\system32\vsnbflfa.dll
2008-07-13 00:50:58 81168 --a------ C:\WINDOWS\system32\wguvjyii.dll
2008-07-13 00:49:32 90928 --a------ C:\WINDOWS\system32\botunlcr.dll
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-12 00:36:41 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-12 00:36:41 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-12 00:36:41 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-12 00:36:41 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-12 00:36:41 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-12 00:36:41 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-12 00:36:41 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-12 00:36:41 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-12 00:36:41 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-12 00:36:41 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-12 00:36:41 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-12 00:36:41 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-12 00:36:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-12 00:36:40 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-11 23:55:55 0 d-------- C:\VundoFix Backups
2008-07-11 23:29:56 49196 --a------ C:\WINDOWS\system32\jownw64j.exe <Not Verified; ; Browser Driver>
2008-07-11 23:00:22 25920 --a------ C:\WINDOWS\system32\khfEwwwu.dll
2008-07-11 23:00:21 25920 --a------ C:\WINDOWS\system32\efcDWpPg.dll
2008-07-11 22:59:34 858 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-07-11 22:59:27 105248 --a------ C:\WINDOWS\system32\gtazpz.dll
2008-07-11 22:59:24 105248 --a------ C:\WINDOWS\system32\rsgycqew.dll
2008-07-11 22:59:08 64332 --a------ C:\WINDOWS\system32\wdcbqipgszrkcwor.exe
2008-07-11 22:59:05 192581 --a------ C:\WINDOWS\system32\qcntpkdm.exe
2008-07-11 22:59:03 152162 --a------ C:\WINDOWS\system32\g30.exe
2008-07-11 22:55:32 90928 --a------ C:\WINDOWS\system32\ayvsoijf.dll
2008-07-11 22:53:19 726728 --ahs---- C:\WINDOWS\system32\AHPrYcdd.ini2
2008-07-11 22:52:59 314608 --a------ C:\WINDOWS\system32\ddcYrPHA.dll
2008-07-11 22:52:35 0 d-------- C:\Program Files\Common Files\omuw
2008-07-11 22:52:34 0 d-------- C:\WINDOWS\omuw
2008-07-11 22:51:51 25888 --a------ C:\WINDOWS\system32\yaywxVMd.dll
2008-07-11 22:51:50 25888 --a------ C:\WINDOWS\system32\jkkLBuVP.dll
2008-07-11 22:50:17 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-11 22:49:46 0 d-------- C:\Program Files\Outerinfo
2008-07-11 22:49:44 0 d-------- C:\Documents and Settings\Owner\Application Data\??crosoft.NET
2008-07-11 22:49:39 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-11 22:49:05 10752 --a------ C:\WINDOWS\system32\drivers\clbdriver.sys
2008-07-11 22:49:05 34816 --a------ C:\WINDOWS\system32\clbdll.dll
2008-07-11 22:49:05 89561 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-07-11 22:49:00 0 d-------- C:\WINDOWS\IA
2008-07-11 22:48:15 86144 --a------ C:\WINDOWS\system32\drivers\ati1ttxxx.sys
2008-07-11 22:48:05 0 d-------- C:\WINDOWS\system32\sfig
2008-07-11 22:48:05 0 d-------- C:\WINDOWS\system32\provdll
2008-07-11 22:48:05 0 d-------- C:\WINDOWS\system32\OBDE
2008-07-11 22:48:05 0 d-------- C:\WINDOWS\system32\imp32
2008-07-11 22:48:05 0 d-------- C:\Program Files\?ystem32
2008-07-11 22:47:50 0 d-------- C:\WINDOWS\system32\olixds01
2008-07-11 22:47:45 25888 --a------ C:\WINDOWS\system32\wvUoLbYr.dll
2008-07-02 09:30:32 158208 --a------ C:\WINDOWS\system32\dpzzjbtqctxxm.dll
2008-06-30 17:38:55 215040 --a------ C:\WINDOWS\system32\drivers\RTL8187B.sys <Not Verified; Realtek Semiconductor Corporation; Realtek RTL8187B Wireless USB 2.0 Adapter>
2008-06-30 17:37:34 0 d-------- C:\WINDOWS\OPTIONS
2008-06-30 17:37:34 0 d-------- C:\Program Files\TRENDnet


-- Find3M Report ---------------------------------------------------------------

2008-07-14 09:28:48 0 d-------- C:\Program Files\Common Files\STOPzilla!
2008-07-14 09:27:41 0 d-------- C:\Program Files\Common Files
2008-07-14 09:26:46 32648 --a------ C:\WINDOWS\system32\tablet.dat
2008-07-13 17:54:18 0 d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-07-13 10:17:17 0 d-------- C:\Program Files\Common Files\a?sembly
2008-07-13 10:17:17 0 d-------- C:\Documents and Settings\Owner\Application Data\??crosoft.NET
2008-07-13 01:00:33 0 d-------- C:\Program Files\STOPzilla!
2008-07-11 23:01:46 0 d-------- C:\Program Files\Starcraft
2008-07-11 22:48:05 0 d-------- C:\Program Files\?ystem32
2008-07-11 10:44:51 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-30 23:26:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2008-06-30 17:38:58 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06ef34fa-c415-d161-a387-8ddcad1dc4eb}]
07/02/2008 09:30 AM 158208 --a------ C:\WINDOWS\system32\dpzzjbtqctxxm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C6BE10-AFEE-42F1-94BC-7EEF5DFCCBB5}]
07/11/2008 10:53 PM 314608 --a------ C:\WINDOWS\system32\ddcYrPHA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3ab771f-6c1f-4476-b9c5-e7b0f7c08616}]
07/13/2008 12:53 AM 105248 --a------ C:\WINDOWS\system32\djiwyg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD37EF40-50AB-7B50-FB38-0BA2ECE94F95}]
05/29/2008 02:34 PM 60928 --a------ C:\WINDOWS\system32\owznmgre.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 04:51 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/14/2002 12:42 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/02/2003 05:11 PM]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [12/02/2003 05:11 PM]
"QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [10/01/2001 09:36 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [05/22/2002 01:28 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:31 AM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [08/29/2002 08:00 AM]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [02/24/2003 05:11 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/12/2005 03:54 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 04:55 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [05/26/2003 04:00 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [02/05/2006 10:13 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 11:01 AM]
"{CD-DD-DC-C1-DW}"="c:\windows\system32\jownw64j.exe" [07/11/2008 11:29 PM]
"906cdd6e"="C:\WINDOWS\system32\wguvjyii.dll" [07/13/2008 12:50 AM]
"STOPzilla"="C:\Program Files\STOPzilla!\STOPzilla.exe" [08/01/2005 07:32 PM]
"{bca9887c-d68a-b6f9-f7eb-a55adcefdbe6}"="C:\WINDOWS\system32\dpzzjbtqctxxm.dll" [07/02/2008 09:30 AM]
"ExploreUpdSched"="C:\WINDOWS\system32\qcntpkdm.exe" [07/11/2008 10:59 PM]
"BM935feef2"="C:\WINDOWS\system32\yrycryyt.dll" [07/13/2008 10:17 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/09/2008 07:17 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2003 11:31 AM]
"Notn"="C:\PROGRA~1\YSTEM3~1\rundll.exe" [07/11/2008 10:48 PM]
"omuw"="C:\PROGRA~1\COMMON~1\omuw\omuwm.exe" [07/19/2006 02:56 PM]
"Ztlbqu"="C:\Program Files\Common Files\a?sembly\c?rss.exe" [05/29/2008 02:35 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\qcntpkdm.exe [7/11/2008 10:59:05 PM]
DW_Start.lnk - C:\WINDOWS\system32\jownw64j.exe [7/11/2008 11:29:56 PM]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [4/10/2003 6:53:45 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/27/2003 11:04:27 PM]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [9/20/2004 1:31:48 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 5:19:24 AM]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [10/5/2007 11:27:50 PM]
Planex Wireless Utility.lnk - C:\Program Files\Planex\Common\RaUI.exe [8/26/2007 9:56:14 PM]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [4/28/2005 10:06:59 PM]
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [7/9/2007 3:43:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 02/21/2003 06:50 AM 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\STOPzilla]
IS3WLHandler.dll 08/01/2005 07:34 PM 24633 C:\WINDOWS\system32\IS3WLHandler.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/21/2001 12:34 AM 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcYrPHA

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Semagic.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Semagic.lnk
backup=C:\WINDOWS\pss\Semagic.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
C:\Program Files\STOPzilla!\Stopzilla.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe

*Newly Created Service* - SJYPKT



-- Hosts -----------------------------------------------------------------------

127.0.0.1 localmachine # ***Inserted By STOPzilla***
127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
127.0.0.1 search4www.com # ***Inserted By STOPzilla***
127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
127.0.0.1 newsh.com # ***Inserted By STOPzilla***
127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***

30 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-14 09:36:07 ------------
  • 0

#5
shippouchan

shippouchan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
And here is my extra file:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
CPU 1: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 503.36 MiB / 103.86 MiB
Pagefile Memory (total/avail): 1230.68 MiB / 846.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.27 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 107.56 GiB total, 7.67 GiB free.
D: is Fixed (FAT32) - 4.24 GiB total, 0.69 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 149.05 GiB total, 16.34 GiB free.
H: is Removable (FAT)

\\.\PHYSICALDRIVE1 - Maxtor 6Y160P0 - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - G:

\\.\PHYSICALDRIVE0 - SAMSUNG SV1203N - 111.81 GiB - 2 partitions
\PARTITION0 - Unknown - 4.25 GiB - D:
\PARTITION1 (bootable) - Installable File System - 107.56 GiB - C:

\\.\PHYSICALDRIVE2 - USB 2.0 Flash Disk USB Device - 957 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 963.97 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"="C:\\Program Files\\WS_FTP\\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Documents and Settings\\Owner\\Desktop\\tmps\\PDMan%5FClient13.exe"="C:\\Documents and Settings\\Owner\\Desktop\\tmps\\PDMan%5FClient13.exe:*:Enabled:PDMan%5FClient13"
"C:\\WINDOWS\\system32\\fscagent.exe"="C:\\WINDOWS\\system32\\fscagent.exe:*:Enabled:???? ???? ??"
"C:\\WINDOWS\\system32\\clubbox.exe"="C:\\WINDOWS\\system32\\clubbox.exe:*:Enabled:Ŭ·´¹Ú½º ÆÄÀÏÀü¼Û °ü¸®ÀÚ"
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"="C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_01\lib\ext\QTJava.zip
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOB
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
ITEMID=dj-22741-6
LANG=1033
LOGONSERVER=\\BOB
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCToolsDir=C:\Documents and Settings\All Users\Start Menu\Programs\Compaq\Compaq Presario PC Tools
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1_01\lib\ext\QTJava.zip
SESSIONID=1100724232210htx694135b92e:10056888de3:5a02
SESSIONNAME=Console
SWUTVER=1.0.22.20030804
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\radEB2C9.tmp
USERDOMAIN=BOB
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
VERSION=3.0.2.97
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-aware 6 Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator 10 --> "C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe InDesign CS --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced WMA Workshop version 2.01 --> "C:\Program Files\LitexMedia\Advanced WMA Workshop\unins000.exe"
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{570B96D1-70D3-4B48-93EF-029440FA1BCE}
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B8CD1189-53D6-4C51-8082-14B812EABBA8}
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities FileViewerUtility 1.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0627E8E9-6822-4A5E-9225-286741CDC3E4}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}
Canon Utilities RemoteCapture 2.6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
DC++ 0.681 --> "C:\Program Files\DC++\uninstall.exe"
DeadAIM --> MsiExec.exe /I{25AF0BD1-DF07-4447-8E91-28E99617C556}
Deewoo Network Manager removal --> C:\WINDOWS\system32\qcntpkdm.exe -UPop
Disc2Phone --> MsiExec.exe /I{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
DivX Pro Codec Adware --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Pro Codec Adware\uninstal.log
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Easy CD Creator 5 Platinum --> MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}
easy Internet sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\wdcbqipgszrkcwor.exe
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON EIC CX5400 --> C:\Program Files\epson\epic\cx5400_e\uninstall.exe
EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22901BB7-2C57-409E-AF2F-56FFFEA41116}\setup.exe" -l0x9 MyUninstall
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
Flash File Recovery v1.5 --> "C:\Program Files\Flash File Recovery\unins000.exe"
Free iPod Video Converter 1.26 --> "C:\Program Files\Free iPod Video Converter\unins000.exe"
GemMaster 3 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\AD0E57E8-ABB1-4BF6-9AFF-0C7DDA1710CD\Uninstall.exe"
GiPo@MoveOnBoot 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
GunBound --> "C:\Program Files\softnyx\unins000.exe"
Gunbound Revolution --> "c:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner\Desktop\tmps\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 3820 series (Remove only) --> C:\Program Files\hp deskjet 3820 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB/DeskJet 3820/ -vproduct=3820 -huninstall
HP Deskjet printer preloaded drivers --> MsiExec.exe /X{48BD24F5-13DE-493A-A7CE-28A85113FF0C}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Instant Support --> C:\PROGRA~1\INSTAN~1\UNWISE.EXE C:\PROGRA~1\INSTAN~1\INSTALL.LOG
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iolo technologies' Search and Recover 3 --> "C:\Program Files\iolo\Search and Recover 3\unins000.exe"
iPod for Windows 2005-02-22 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
iPod for Windows 2005-09-06 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033
iScrobbler --> C:\Program Files\iTunes\UninstalliScrobble.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java 2 Runtime Environment, SE v1.4.1_01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
K-Lite Codec Pack 2.20 Full --> "C:\Program Files\K-Lite CodecPack\unins000.exe"
Last.fm Player 1.0.4 --> "C:\Program Files\Last.fm Player\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mathathon --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1C118C8D-DB12-4DBE-8F0A-2FAE4393C86E}
MaxBlast 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2003 --> MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Money 2003 System Pack --> MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Move Networks Player for Firefox --> "C:\Program Files\Mozilla Firefox\plugins\unins000.exe"
Mozilla Firefox (2.0.0.15) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netscape (7.1) --> C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NJStar Chinese Word Processor --> "C:\Program Files\NJStar Chinese WP\Remove.exe" /U:"C:\Program Files\NJStar Chinese WP\Remove.log"
Norton AntiVirus 2003 --> MsiExec.exe /I{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OmniPass --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
Opera --> C:\PROGRA~1\Opera7\UnInst\UNWISE.EXE C:\PROGRA~1\Opera7\UnInst\Install.log
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Paint Shop Pro 6.0 (ESD) --> C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PC Inspector smart recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x9
PCI GW-US54Mini2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly
Photo Loader 3.0E --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Ragnarok Online --> "C:\WINDOWS\IFinst25.exe" -UC:\Program Files\Gravity\RO\IFU544.inf
Ragnarok Sakray Pack --> "C:\WINDOWS\IFinst25.exe" -UC:\Program Files\Gravity\RO\IFU539.inf
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ShowBiz DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60E80B13-8649-4A69-85E2-1AE99E061F43}\setup.exe" -l0x9
Shutterfly Plugin --> C:\PROGRA~1\SHUTTE~1\UNWISE.EXE C:\PROGRA~1\SHUTTE~1\INSTALL.LOG
Simple Installer - Multilanguage Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
Skype 1.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
SnadBoy's Revelation v2 --> C:\PROGRA~1\SNADBO~1\UNWISE.EXE C:\PROGRA~1\SNADBO~1\INSTALL.LOG
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson PC Suite 1.10.21 --> MsiExec.exe /I{EE28E1DC-A319-4DFE-B8ED-BEE329D377A4}
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
STOPzilla! --> MsiExec.exe /X{DF90646F-BAD5-4000-862A-79FB35F66209}
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{C43421C0-0DCB-4F26-8A3B-BF16155F9879}
VAIOSoft Recovery Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RecvMngr\Recuninst.isu"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
WebEQ Browser Controls --> C:\Program Files\WebEQ\BCUninstall.exe -u
Weblink --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 2002 Trial --> C:\WINDOWS\Corel\uninst32.exe
WordPerfect Office 2002 Trial --> c:\WINDOWS\Corel\Uninst32.exe
XviD-1.0-RC1 Video Codec 25012004 (Koepi's developer build) --> "C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Companion --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type13625 / Error
Event Submitted/Written: 07/14/2008 09:34:04 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type166165 / Error
Event Submitted/Written: 07/14/2008 09:29:31 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type166162 / Error
Event Submitted/Written: 07/14/2008 09:28:57 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register with DCOM within the required timeout.

Event Record #/Type166161 / Error
Event Submitted/Written: 07/14/2008 09:28:38 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The iPod Service service terminated with the following error:
%%2147549465

Event Record #/Type166141 / Error
Event Submitted/Written: 07/14/2008 09:26:46 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Event Record #/Type166140 / Error
Event Submitted/Written: 07/14/2008 09:26:44 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-07-14 09:36:07 ------------



------

After I leave my computer running for a bit, suddenly it just shows only my background image and nothing else (no start menu, no other files, nothing). I also get a lot of popups from outerinfo, I think (once, it had 50 popups all in a row)...

Thanks!
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#7
shippouchan

shippouchan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Oooh, it is looking loads better! :)

Here is my ComboFix log:

ComboFix 08-07-14.2 - Owner 2008-07-14 18:19:18.9 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\CROSOF~1.NET
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\omuw
C:\Program Files\Common Files\omuw\omuwa.exe
C:\Program Files\Common Files\omuw\omuwa.lck
C:\Program Files\Common Files\omuw\omuwd\class-barrel
C:\Program Files\Common Files\omuw\omuwd\omuwc.dll
C:\Program Files\Common Files\omuw\omuwd\vocabulary
C:\Program Files\Common Files\omuw\omuwh
C:\Program Files\Common Files\omuw\omuwl.exe
C:\Program Files\Common Files\omuw\omuwl.lck
C:\Program Files\Common Files\omuw\omuwm.exe
C:\Program Files\Common Files\omuw\omuwm.lck
C:\Program Files\Common Files\omuw\omuwp.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\ystem3~1
C:\Program Files\ystem3~1\?icrosoft.NET\
C:\Program Files\ystem3~1\rundll.exe
C:\temp\tn3
C:\WINDOWS\444.470
C:\WINDOWS\BM935feef2.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\omuw
C:\WINDOWS\omuw\omuw.dat
C:\WINDOWS\omuw\wu
C:\WINDOWS\portsv.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AHPrYcdd.ini
C:\WINDOWS\system32\AHPrYcdd.ini2
C:\WINDOWS\system32\ayvsoijf.dll
C:\WINDOWS\system32\botunlcr.dll
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\ddcYrPHA.dll
C:\WINDOWS\system32\djiwyg.dll
C:\WINDOWS\system32\dpzzjbtqctxxm.dll
C:\WINDOWS\system32\drivers\ati1ttxxx.sys
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\efcDWpPg.dll
C:\WINDOWS\system32\gtazpz.dll
C:\WINDOWS\system32\iiyjvugw.ini
C:\WINDOWS\system32\janvcvrp.ini
C:\WINDOWS\system32\jkkLBuVP.dll
C:\WINDOWS\system32\khfEwwwu.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\owznmgre.dll
C:\WINDOWS\system32\qcntpkdm.exe
C:\WINDOWS\system32\rsgycqew.dll
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\vedmnycs.ini
C:\WINDOWS\system32\vsnbflfa.dll
C:\WINDOWS\system32\wguvjyii.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wvUoLbYr.dll
C:\WINDOWS\system32\yaywxVMd.dll
C:\WINDOWS\system32\yrycryyt.dll
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI1TTXXX
-------\Service_ati1ttxxx
-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-14 21:15 . 2008-07-14 21:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 21:15 . 2008-07-14 21:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 21:14 . 2008-07-14 21:14 49,199 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-07-14 21:14 . 2008-07-14 21:15 294 ---hs---- C:\WINDOWS\system32\vedmnycs.ini
2008-07-14 21:14 . 2008-07-14 21:17 117 --a------ C:\WINDOWS\system32\msnav32.ax
2008-07-14 21:14 . 2008-07-14 21:14 22 --a------ C:\WINDOWS\pskt.ini
2008-07-14 17:32 . 2008-07-14 17:32 105,264 --a------ C:\WINDOWS\system32\duflpf.dll
2008-07-14 17:31 . 2008-07-14 17:32 105,264 --a------ C:\WINDOWS\system32\qnamgetc.dll
2008-07-14 17:30 . 2008-07-14 17:30 81,168 --a------ C:\WINDOWS\system32\scynmdev.dll
2008-07-14 17:28 . 2008-07-14 17:29 90,944 --a------ C:\WINDOWS\system32\efqjbyfu.dll
2008-07-14 09:31 . 2008-07-14 09:31 <DIR> d-------- C:\Deckard
2008-07-13 13:07 . 2008-07-13 13:07 167,976 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-07-13 10:42 . 2008-07-13 10:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-13 10:36 . 2008-07-13 17:37 <DIR> d-------- C:\SDFix
2008-07-13 01:43 . 2008-07-13 01:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 01:38 . 2008-07-13 01:38 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-07-13 00:57 . 2008-07-14 17:25 <DIR> d-------- C:\WINDOWS\system32\5445
2008-07-12 00:36 . 2003-04-10 07:05 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-12 00:36 . 2003-04-10 06:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-12 00:36 . 2003-04-10 06:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-12 00:36 . 2003-04-10 07:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-12 00:36 . 2003-04-10 06:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-12 00:36 . 2003-04-10 06:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-07-12 00:36 . 2008-07-12 00:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-11 23:55 . 2008-07-11 23:55 <DIR> d-------- C:\VundoFix Backups
2008-07-11 23:29 . 2008-07-11 23:29 49,196 --a------ C:\WINDOWS\system32\jownw64j.exe
2008-07-11 23:00 . 2008-07-11 23:00 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-07-11 22:59 . 2008-07-11 22:59 152,162 --a------ C:\WINDOWS\system32\g30.exe
2008-07-11 22:59 . 2008-07-13 17:50 64,332 --a------ C:\WINDOWS\system32\wdcbqipgszrkcwor.exe
2008-07-11 22:55 . 2008-07-14 21:15 110,419 --a------ C:\WINDOWS\BM935feef2.xml
2008-07-11 22:49 . 2002-08-29 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-11 22:48 . 2008-07-11 22:48 <DIR> d-------- C:\WINDOWS\system32\sfig
2008-07-11 22:48 . 2008-07-11 22:48 <DIR> d-------- C:\WINDOWS\system32\provdll
2008-07-11 22:48 . 2008-07-11 22:48 <DIR> d-------- C:\WINDOWS\system32\OBDE
2008-07-11 22:48 . 2008-07-11 22:48 <DIR> d-------- C:\WINDOWS\system32\imp32
2008-07-11 22:47 . 2008-07-11 22:47 <DIR> d-------- C:\WINDOWS\system32\olixds01
2008-07-11 22:47 . 2008-07-11 22:48 <DIR> d-------- C:\temp\stmpv4
2008-07-11 22:47 . 2008-07-11 22:47 25,888 --a------ C:\WINDOWS\system32\fccDuuVl.dll.vir
2008-07-05 01:05 . 2008-07-05 01:05 32,768 --a------ C:\WINDOWS\system32\olixds01\olixds011065.exe
2008-06-30 17:38 . 2007-05-04 20:40 215,040 --a------ C:\WINDOWS\system32\drivers\RTL8187B.sys
2008-06-30 17:37 . 2008-06-30 17:37 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-06-30 17:37 . 2008-06-30 17:37 <DIR> d-------- C:\Program Files\TRENDnet
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --a--c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 22:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-07-14 21:30 --------- d-----w C:\Program Files\STOPzilla!
2008-07-14 21:30 --------- d-----w C:\Program Files\Common Files\STOPzilla!
2008-07-12 03:01 --------- d-----w C:\Program Files\Starcraft
2008-07-11 14:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-07-01 03:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-06-30 21:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2007-01-29 01:41 88,592 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-04-10 10:51 32 --sha-w C:\WINDOWS\{DA550BF1-5AE0-4007-B9B0-C9FF520E8090}.dat
2004-09-06 18:13 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2003-04-10 10:51 32 --sha-w C:\WINDOWS\system32\{1BADA6CB-9766-4CB8-9EA3-38879756A4DF}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93584a47-f326-c9a9-036a-af51a012ad26}]
2008-07-03 10:45 364544 --a------ C:\WINDOWS\system32\vnmgirkpzh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd21879e-dafe-4c69-8f0a-c41531a14af3}]
2008-07-14 17:32 105264 --a------ C:\WINDOWS\system32\duflpf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ztlbqu"="C:\Program Files\Common Files\a?sembly\c?rss.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 19:17 289088]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-08-01 11:31 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 16:51 118784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 17:11 54296]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 17:11 58392]
"QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-01 21:36 77887]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 01:28 188416]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 01:31 208952]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 08:00 59392]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2003-02-24 17:11 266313]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55 155648]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 16:00 99840]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-02-05 22:13 95960]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
"{CD-DD-DC-C1-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-07-14 21:14 49199]
"906cdd6e"="C:\WINDOWS\system32\scynmdev.dll" [2008-07-14 17:30 81168]
"BM935feef2"="C:\WINDOWS\system32\efqjbyfu.dll" [2008-07-14 17:29 90944]
"ExploreUpdSched"="C:\WINDOWS\system32\qcntpkdm.exe" [2008-07-14 21:27 192580]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\qcntpkdm.exe [2008-07-14 21:27:06 192580]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [2008-07-14 21:14:54 49199]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 06:53:45 552960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-08-27 23:04:27 110592]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2004-09-20 13:31:48 1466384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2007-10-05 23:27:50 229376]
Planex Wireless Utility.lnk - C:\Program Files\Planex\Common\RaUI.exe [2007-08-26 21:56:14 688128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2005-04-28 22:06:59 114688]
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-09 15:43:00 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 00:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Semagic.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Semagic.lnk
backup=C:\WINDOWS\pss\Semagic.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a--c--- 2002-01-23 10:20 675840 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2003-08-01 11:31 61440 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-01-29 17:32 12598440 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra--c--- 2005-08-09 20:14 155648 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\tmps\\PDMan%5FClient13.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 02:14]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 20:40]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 17:04]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 17:04]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 17:04]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 17:04]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 17:04]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 23:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-08-26 00:36:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Notn - C:\PROGRA~1\YSTEM3~1\rundll.exe
HKLM-Run-{bca9887c-d68a-b6f9-f7eb-a55adcefdbe6} - C:\WINDOWS\system32\dpzzjbtqctxxm.dll
ShellExecuteHooks-{82336A8D-6CD0-4647-B791-75FCA8CF2B39} - (no file)
MSConfigStartUp-STOPzilla - C:\Program Files\STOPzilla!\Stopzilla.exe
MSConfigStartUp-Weather - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
MSConfigStartUp-WT GameChannel - C:\Program Files\WildTangent\Apps\GameChannel.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 21:14:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\QTFont.for 1409 bytes
C:\WINDOWS\QTFont.qfn 54156 bytes
C:\WINDOWS\system32\rwwnw64d.exe 49199 bytes executable
C:\WINDOWS\system32\vedmnycs.ini 294 bytes

scan completed successfully
hidden files: 4

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\scynmdev.dll
-> C:\WINDOWS\system32\efqjbyfu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\Navapsvc.exe
C:\Program Files\Softex\OmniPass\omniServ.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-07-14 21:32:28 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-07-15 01:32:20
ComboFix2.txt 2008-04-27 14:59:22

Pre-Run: 8,097,931,264 bytes free
Post-Run: 8,064,983,040 bytes free

315 --- E O F --- 2008-07-09 23:36:31



-----

And here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:26 PM, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
c:\windows\system32\rwwnw64d.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\qcntpkdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\My Documents\HJT\Scanning.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/homepage2/links.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mysidesearch search enhancer - {93584a47-f326-c9a9-036a-af51a012ad26} - C:\WINDOWS\system32\vnmgirkpzh.dll
O2 - BHO: {3fa41a13-514c-a0f8-96c4-efade97812db} - {bd21879e-dafe-4c69-8f0a-c41531a14af3} - C:\WINDOWS\system32\duflpf.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [{CD-DD-DC-C1-DW}] c:\windows\system32\rwwnw64d.exe DWram02FF
O4 - HKLM\..\Run: [906cdd6e] rundll32.exe "C:\WINDOWS\system32\scynmdev.dll",b
O4 - HKLM\..\Run: [BM935feef2] Rundll32.exe "C:\WINDOWS\system32\efqjbyfu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Ztlbqu] "C:\Program Files\Common Files\a?sembly\c?rss.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntpkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.usmd.edu/...er/tdserver.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41649A90-B484-11D1-8D75-00C04FC24EE6} (WebEQ Browser Controls) - http://phga.pearsonc...ebEQInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.log...1/bin/imvid.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 11012 bytes


Thankee~~~
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\vedmnycs.ini
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\duflpf.dll
C:\WINDOWS\system32\qnamgetc.dll
C:\WINDOWS\system32\scynmdev.dll
C:\WINDOWS\system32\efqjbyfu.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\jownw64j.exe
C:\WINDOWS\system32\g30.exe
C:\WINDOWS\system32\wdcbqipgszrkcwor.exe
C:\WINDOWS\BM935feef2.xml
C:\WINDOWS\system32\fccDuuVl.dll.vir
C:\WINDOWS\system32\olixds01\olixds011065.exe

Folder::
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\imp32
C:\WINDOWS\system32\olixds01
C:\temp\stmpv4
C:\WINDOWS\system32\5445

Registry::

Rootkit::
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\vedmnycs.ini


Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Also post a new HijackThis log
  • 0

#9
shippouchan

shippouchan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here's my combofix log:

ComboFix 08-07-14.2 - Owner 2008-07-15 12:57:44.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.226 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BM935feef2.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\duflpf.dll
C:\WINDOWS\system32\efqjbyfu.dll
C:\WINDOWS\system32\fccDuuVl.dll.vir
C:\WINDOWS\system32\g30.exe
C:\WINDOWS\system32\jownw64j.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\olixds01\olixds011065.exe
C:\WINDOWS\system32\qnamgetc.dll
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\scynmdev.dll
C:\WINDOWS\system32\vedmnycs.ini
C:\WINDOWS\system32\wdcbqipgszrkcwor.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\stmpv4
C:\temp\stmpv4\bnwe7.log
C:\WINDOWS\BM935feef2.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\5445
C:\WINDOWS\system32\5445\~!21412p.spt
C:\WINDOWS\system32\dpzzjbtqctxxm.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\duflpf.dll
C:\WINDOWS\system32\efqjbyfu.dll
C:\WINDOWS\system32\fccDuuVl.dll.vir
C:\WINDOWS\system32\g30.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\imp32
C:\WINDOWS\system32\imp32\keysrve.exe
C:\WINDOWS\system32\jownw64j.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\mysidesearch_sidebar.dll
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\OBDE\idexpnd.exe
C:\WINDOWS\system32\olixds01
C:\WINDOWS\system32\olixds01\olixds011065.exe
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\provdll\globsetup.exe
C:\WINDOWS\system32\qcntpkdm.exe
C:\WINDOWS\system32\qnamgetc.dll
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\scynmdev.dll
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\sfig\mcirev2.exe
C:\WINDOWS\system32\vedmnycs.ini
C:\WINDOWS\system32\wdcbqipgszrkcwor.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-15 02:57 . 2008-07-15 02:57 13,942 --a------ C:\WINDOWS\system32\iphone-011.ico
2008-07-14 22:57 . 2008-07-14 22:57 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-07-14 21:27 . 2008-07-14 21:27 90,922 --a------ C:\WINDOWS\system32\vnmgirkpzh.dll-uninst.exe
2008-07-14 21:15 . 2008-07-14 21:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 21:15 . 2008-07-14 21:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 09:31 . 2008-07-14 09:31 <DIR> d-------- C:\Deckard
2008-07-13 10:42 . 2008-07-13 10:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-13 10:36 . 2008-07-13 17:37 <DIR> d-------- C:\SDFix
2008-07-13 01:43 . 2008-07-13 01:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 01:38 . 2008-07-13 01:38 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-07-12 00:36 . 2003-04-10 07:05 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-12 00:36 . 2003-04-10 06:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-12 00:36 . 2003-04-10 06:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-12 00:36 . 2003-04-10 07:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-12 00:36 . 2003-04-10 06:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-12 00:36 . 2003-04-10 06:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-07-12 00:36 . 2008-07-12 00:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-11 23:55 . 2008-07-11 23:55 <DIR> d-------- C:\VundoFix Backups
2008-07-11 23:00 . 2008-07-11 23:00 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-07-11 22:49 . 2002-08-29 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-03 10:45 . 2008-07-03 10:45 364,544 --a------ C:\WINDOWS\system32\vnmgirkpzh.dll
2008-06-30 17:38 . 2007-05-04 20:40 215,040 --a------ C:\WINDOWS\system32\drivers\RTL8187B.sys
2008-06-30 17:37 . 2008-06-30 17:37 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-06-30 17:37 . 2008-06-30 17:37 <DIR> d-------- C:\Program Files\TRENDnet
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --a--c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 17:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-07-14 21:30 --------- d-----w C:\Program Files\STOPzilla!
2008-07-14 21:30 --------- d-----w C:\Program Files\Common Files\STOPzilla!
2008-07-12 03:01 --------- d-----w C:\Program Files\Starcraft
2008-07-11 14:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-07-01 03:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-06-30 21:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2007-01-29 01:41 88,592 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-04-10 10:51 32 --sha-w C:\WINDOWS\{DA550BF1-5AE0-4007-B9B0-C9FF520E8090}.dat
2004-09-06 18:13 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2003-04-10 10:51 32 --sha-w C:\WINDOWS\system32\{1BADA6CB-9766-4CB8-9EA3-38879756A4DF}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-14_21.31.47.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-14 22:34:33 32,648 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-07-15 17:08:28 32,648 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93584a47-f326-c9a9-036a-af51a012ad26}]
2008-07-03 10:45 364544 --a------ C:\WINDOWS\system32\vnmgirkpzh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ztlbqu"="C:\Program Files\Common Files\a?sembly\c?rss.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 19:17 289088]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-08-01 11:31 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 16:51 118784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 17:11 54296]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 17:11 58392]
"QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-01 21:36 77887]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 01:28 188416]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 01:31 208952]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 08:00 59392]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2003-02-24 17:11 266313]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55 155648]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 16:00 99840]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-02-05 22:13 95960]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
"{bca9887c-d68a-b6f9-f7eb-a55adcefdbe6}"="C:\WINDOWS\system32\dpzzjbtqctxxm.dll" [BU]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Deewoo.lnk - C:\QooBox\Quarantine\C\WINDOWS\system32\qcntpkdm.exe.vir [2008-07-14 21:27:06 192580]
DW_Start.lnk - C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir [2008-07-14 21:14:54 49199]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 06:53:45 552960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-08-27 23:04:27 110592]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2004-09-20 13:31:48 1466384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2007-10-05 23:27:50 229376]
Planex Wireless Utility.lnk - C:\Program Files\Planex\Common\RaUI.exe [2007-08-26 21:56:14 688128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2005-04-28 22:06:59 114688]
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-09 15:43:00 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 00:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Semagic.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Semagic.lnk
backup=C:\WINDOWS\pss\Semagic.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a--c--- 2002-01-23 10:20 675840 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2003-08-01 11:31 61440 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-01-29 17:32 12598440 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra--c--- 2005-08-09 20:14 155648 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\tmps\\PDMan%5FClient13.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 02:14]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 20:40]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 17:04]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 17:04]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 17:04]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 17:04]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 17:04]

*Newly Created Service* - SJYPKT
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 23:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-08-26 00:36:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-{CD-DD-DC-C1-DW} - c:\windows\system32\rwwnw64d.exe
HKLM-Run-906cdd6e - C:\WINDOWS\system32\scynmdev.dll
HKLM-Run-BM935feef2 - C:\WINDOWS\system32\efqjbyfu.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 13:12:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [11596] 0x81E9C020

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\2B00001C0D 3616 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\0201D20472 90 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\70F9D8EB3D9A71C7003AEEE632B712EE 1851 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\18934B1CF73281ED98818CA06325A918 1372 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\D5A5ED9F8C379D273CF91E4A3F2DE158 6247 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\35695E01E1BC1DCB7A894BDC36BE721C 6944 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\1E35A58BC15AC3DB62065B101DBA500C 2657 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\E55D0A81339FBA0803537149AE1A9B07 6329 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\0799FB43189F1197B4FE8CA650BCF479 2437 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\08A4A3BA194F621E1211C71F68C1C64A 4354 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\2B000004C6 2966 bytes
C:\Documents and Settings\Owner\Application Data\Aim\bartcache\1\6594A0E16169B5D215ACC5282AFFA8B2 5047 bytes

scan completed successfully
hidden files: 12

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\Navapsvc.exe
C:\Program Files\Softex\OmniPass\omniServ.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hpzipm12.exe
.
**************************************************************************
.
Completion time: 2008-07-15 13:29:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 17:29:25
ComboFix2.txt 2008-07-15 01:32:29
ComboFix3.txt 2008-04-27 14:59:22

Pre-Run: 7,964,295,168 bytes free
Post-Run: 8,007,290,880 bytes free

282 --- E O F --- 2008-07-09 23:36:31


And my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:26 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\HJT\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/homepage2/links.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mysidesearch search enhancer - {93584a47-f326-c9a9-036a-af51a012ad26} - C:\WINDOWS\system32\vnmgirkpzh.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [{bca9887c-d68a-b6f9-f7eb-a55adcefdbe6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dpzzjbtqctxxm.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Ztlbqu] "C:\Program Files\Common Files\a?sembly\c?rss.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\qcntpkdm.exe.vir
O4 - Startup: DW_Start.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.usmd.edu/...er/tdserver.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41649A90-B484-11D1-8D75-00C04FC24EE6} (WebEQ Browser Controls) - http://phga.pearsonc...ebEQInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.log...1/bin/imvid.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10933 bytes


thanks. ^__^v
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\iphone-011.ico
C:\WINDOWS\system32\pinkip.ico
C:\WINDOWS\system32\vnmgirkpzh.dll-uninst.exe
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\vnmgirkpzh.dll

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall






Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

Advertisements


#11
shippouchan

shippouchan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 17, 2008 4:06:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/07/2008
Kaspersky Anti-Virus database records: 963176
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 217861
Number of viruses found: 42
Number of infected objects: 137
Number of suspicious objects: 0
Duration of the scan process: 04:16:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arch22776.jar-68c62f3c-547a31f3.zip/RunString.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arch22776.jar-68c62f3c-547a31f3.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arch22776.jar-68c62f3c-547a31f3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arch22776.jar-68c62f3c-547a31f3.zip/Colors.class Infected: Trojan-Downloader.Java.OpenStream.b skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arch22776.jar-68c62f3c-547a31f3.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-11faa9ed-7df0dee9.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-11faa9ed-7df0dee9.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-11faa9ed-7df0dee9.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-11faa9ed-7df0dee9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-11faa9ed-7df0dee9.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-7eb4d059-3605edf7.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-7eb4d059-3605edf7.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-7eb4d059-3605edf7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-7eb4d059-3605edf7.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\classload.jar-7eb4d059-3605edf7.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\count.jar-f336957-3d7b3728.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\count.jar-f336957-3d7b3728.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\count.jar-f336957-3d7b3728.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\count.jar-f336957-3d7b3728.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\javainstaller.jar-31f0c089-6c4ae1fe.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\javainstaller.jar-31f0c089-6c4ae1fe.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-6ada9779.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-6ada9779.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\Jeanne\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\Jeanne\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\Jeanne\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\Jeanne\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\Jeanne\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\Jeanne\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\Jeanne\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\other\SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Owner\Desktop\other\SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Owner\Desktop\other\SetupRevelationV2.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\Owner\Desktop\tmps\43516.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Documents and Settings\Owner\Desktop\tmps\43516.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Owner\Desktop\tmps\43516.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\Owner\Desktop\tmps\43516.exe WiseSFXDropper: infected - 2 skipped
C:\Documents and Settings\Owner\Desktop\tmps\¤p³¾.com/4.sfx.exe/4.exe Infected: Trojan-PSW.Win32.Nilage.bfn skipped
C:\Documents and Settings\Owner\Desktop\tmps\¤p³¾.com/4.sfx.exe Infected: Trojan-PSW.Win32.Nilage.bfn skipped
C:\Documents and Settings\Owner\Desktop\tmps\¤p³¾.com RAR: infected - 2 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\Jeanne\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\Jeanne\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\Jeanne\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\Jeanne\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008071720080718\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\AIM Logs\shippouchan\SatinCordite\2005-04-28 [Thursday]\RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Owner\My Documents\AIM Logs\shippouchan\SatinCordite\2005-04-28 [Thursday]\RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Owner\My Documents\AIM Logs\shippouchan\SatinCordite\2005-04-28 [Thursday]\RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Owner\My Documents\AIM Logs\shippouchan\SatinCordite\2005-04-28 [Thursday]\RevelationV2.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\region\EN_US-ie.reg Infected: Trojan.WinREG.StartPage skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\SnadBoy's Revelation v2\Revelation.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Program Files\SnadBoy's Revelation v2\RevelationHelper.dll Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\omuw\omuwa.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\omuw\omuwl.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\omuw\omuwm.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\omuw\omuwp.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\YSTEM3~1\rundll.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\WINDOWS\444.470.vir Infected: Trojan.Win32.DNSChanger.eys skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\portsv.exe.vir Infected: Trojan.Win32.Agent.sdd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ayvsoijf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bql skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\botunlcr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bql skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\clbdll.dll.vir Infected: Rootkit.Win32.Clbd.ez skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\djiwyg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ati1ttxxx.sys.zip/ati1ttxxx.sys Infected: Rootkit.Win32.Agent.aol skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ati1ttxxx.sys.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gtazpz.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\imp32\keysrve.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jownw64j.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\OBDE\idexpnd.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\olixds01\olixds011065.exe.vir Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\owznmgre.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.if skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\provdll\globsetup.exe.vir Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qcntpkdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rsgycqew.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sfig\mcirev2.exe.vir Infected: Trojan.Win32.Agent.lom skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vsnbflfa.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh skipped
C:\SDFix\backups\backups.zip/backups/asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\SDFix\backups\backups.zip/backups/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\SDFix\backups\backups.zip/backups/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\SDFix\backups\backups.zip/backups/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\SDFix\backups\backups.zip/backups/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\SDFix\backups\backups.zip/backups/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\SDFix\backups\backups.zip/backups/command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\SDFix\backups\backups.zip/backups/mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\SDFix\backups\backups.zip/backups/mrofinu572.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\SDFix\backups\backups.zip/backups/mrofinu572.exe.tmp Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\SDFix\backups\backups.zip/backups/netmon.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\SDFix\backups\backups.zip/backups/rwwnw64d.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\SDFix\backups\backups.zip/backups/uoyzsydz.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\SDFix\backups\backups.zip/backups/Yazzle1281OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped
C:\SDFix\backups\backups.zip/backups/Yazzle1281OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\SDFix\backups\backups.zip/backups/Yazzle1281OinUninstaller.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\SDFix\backups\backups.zip/backups/yazzsnet.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
C:\SDFix\backups\backups.zip/backups/yazzsnet.exe Infected: Trojan.Win32.Scapur.k skipped
C:\SDFix\backups\backups.zip ZIP: infected - 18 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP42\A0006568.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP43\A0006570.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP43\A0007527.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP43\A0007528.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP43\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP43\snapshot\MFEX-2.DAT Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008742.exe Infected: not-a-virus:AdWare.Win32.PurityScan.id skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008744.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008754.dll Infected: not-a-virus:AdWare.Win32.PurityScan.if skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008811.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008812.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008814.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008815.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008815.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008818.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008819.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008819.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008819.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008819.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008820.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008821.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008822.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008867.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP44\A0008868.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011136.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011137.exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011142.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011143.dll Infected: Rootkit.Win32.Clbd.ez skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011145.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011147.exe Infected: Trojan.Win32.Agent.sdd skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011148.exe Infected: not-a-virus:AdWare.Win32.PurityScan.id skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011152.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011153.dll Infected: not-a-virus:AdWare.Win32.PurityScan.if skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011154.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bql skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011155.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bql skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011157.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011159.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011162.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011163.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bqh skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011172.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011174.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011176.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP47\A0011177.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP48\A0011300.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP48\A0011301.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP48\A0011302.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP48\A0011303.exe Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP48\A0011304.exe Infected: Trojan.Win32.Agent.lom skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP48\A0011307.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP48\A0011316.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP48\A0011324.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP50\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\RTacDbg.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{80E736D4-E08D-40B8-A6E5-2DF5278E2E9A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP50\change.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP50\change.log Object is locked skipped

Scan process completed.


ComboFix log:

ComboFix 08-07-14.2 - Owner 2008-07-17 0:20:38.11 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.221 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\iphone-011.ico
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\pinkip.ico
C:\WINDOWS\system32\vnmgirkpzh.dll
C:\WINDOWS\system32\vnmgirkpzh.dll-uninst.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\iphone-011.ico
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\pinkip.ico
C:\WINDOWS\system32\vnmgirkpzh.dll-uninst.exe
C:\WINDOWS\system32\vnmgirkpzh.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-14 21:15 . 2008-07-15 13:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 21:15 . 2008-07-14 21:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 09:31 . 2008-07-14 09:31 <DIR> d-------- C:\Deckard
2008-07-13 10:42 . 2008-07-13 10:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-13 10:36 . 2008-07-13 17:37 <DIR> d-------- C:\SDFix
2008-07-13 01:43 . 2008-07-13 01:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 00:36 . 2003-04-10 07:05 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-12 00:36 . 2003-04-10 06:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-12 00:36 . 2003-04-10 06:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-12 00:36 . 2003-04-10 07:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-12 00:36 . 2003-04-10 06:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-07-12 00:36 . 2003-04-10 06:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-07-12 00:36 . 2008-07-12 00:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-11 23:55 . 2008-07-11 23:55 <DIR> d-------- C:\VundoFix Backups
2008-07-11 23:00 . 2008-07-11 23:00 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-07-11 22:49 . 2002-08-29 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-30 17:38 . 2007-05-04 20:40 215,040 --a------ C:\WINDOWS\system32\drivers\RTL8187B.sys
2008-06-30 17:37 . 2008-06-30 17:37 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-06-30 17:37 . 2008-06-30 17:37 <DIR> d-------- C:\Program Files\TRENDnet
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --a--c--- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 04:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-07-17 04:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-07-14 21:30 --------- d-----w C:\Program Files\STOPzilla!
2008-07-14 21:30 --------- d-----w C:\Program Files\Common Files\STOPzilla!
2008-07-12 03:01 --------- d-----w C:\Program Files\Starcraft
2008-07-01 03:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-06-30 21:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-01-29 01:41 88,592 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-04-10 10:51 32 --sha-w C:\WINDOWS\{DA550BF1-5AE0-4007-B9B0-C9FF520E8090}.dat
2004-09-06 18:13 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2003-04-10 10:51 32 --sha-w C:\WINDOWS\system32\{1BADA6CB-9766-4CB8-9EA3-38879756A4DF}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-14_21.31.47.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-14 22:34:33 32,648 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-07-15 17:08:28 32,648 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ztlbqu"="C:\Program Files\Common Files\a?sembly\c?rss.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 19:17 289088]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-08-01 11:31 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 16:51 118784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 17:11 54296]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 17:11 58392]
"QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-01 21:36 77887]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 01:28 188416]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 01:31 208952]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 08:00 59392]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2003-02-24 17:11 266313]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 16:55 155648]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 16:00 99840]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-02-05 22:13 95960]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
"{bca9887c-d68a-b6f9-f7eb-a55adcefdbe6}"="C:\WINDOWS\system32\dpzzjbtqctxxm.dll" [BU]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Deewoo.lnk - C:\QooBox\Quarantine\C\WINDOWS\system32\qcntpkdm.exe.vir [2008-07-14 21:27:06 192580]
DW_Start.lnk - C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir [2008-07-14 21:14:54 49199]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 06:53:45 552960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-08-27 23:04:27 110592]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2004-09-20 13:31:48 1466384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2007-10-05 23:27:50 229376]
Planex Wireless Utility.lnk - C:\Program Files\Planex\Common\RaUI.exe [2007-08-26 21:56:14 688128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2005-04-28 22:06:59 114688]
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-09 15:43:00 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 00:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Semagic.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Semagic.lnk
backup=C:\WINDOWS\pss\Semagic.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a--c--- 2002-01-23 10:20 675840 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2003-08-01 11:31 61440 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-01-29 17:32 12598440 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra--c--- 2005-08-09 20:14 155648 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\tmps\\PDMan%5FClient13.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 02:14]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 20:40]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 17:04]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 17:04]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 17:04]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 17:04]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 17:04]

*Newly Created Service* - CATCHME
*Newly Created Service* - SJYPKT
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 23:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-08-26 00:36:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 00:28:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-07-17 0:39:50
ComboFix-quarantined-files.txt 2008-07-17 04:39:26
ComboFix2.txt 2008-07-15 17:29:36
ComboFix3.txt 2008-07-15 01:32:29
ComboFix4.txt 2008-04-27 14:59:22

Pre-Run: 7,214,583,808 bytes free
Post-Run: 7,200,256,000 bytes free

206 --- E O F --- 2008-07-09 23:36:31


Thanks. ^__^v
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Owner\Desktop\other\SetupRevelationV2.exe
    C:\Documents and Settings\Owner\Desktop\tmps\43516.exe
    C:\Documents and Settings\Owner\Desktop\tmps\¤p³¾.com
    C:\Documents and Settings\Owner\My Documents\AIM Logs\shippouchan\SatinCordite\2005-04-28 [Thursday]\RevelationV2.zip
    C:\hp\region\EN_US-ie.reg
    C:\Program Files\SnadBoy's Revelation v2
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Also post a new HijackThis log
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post the logs
  • 0

#15
shippouchan

shippouchan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks~ :)

OTMoveIt2 log:

Explorer killed successfully
C:\Documents and Settings\Owner\Desktop\other\SetupRevelationV2.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\tmps\43516.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\tmps\¤p³¾.com moved successfully.
< C:\Documents and Settings\Owner\My Documents\AIM Logs\shippouchan\SatinCordite\2005-04-28 [Thursday]\RevelationV2.zip >
C:\Documents and Settings\Owner\My Documents\AIM Logs\shippouchan\SatinCordite\2005-04-28 [Thursday]\RevelationV2.zip moved successfully.
C:\hp\region\EN_US-ie.reg moved successfully.
C:\Program Files\SnadBoy's Revelation v2 moved successfully.
< purity >
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07232008_112725


HiJackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:47 AM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\My Documents\HJT\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Owner/Desktop/homepage2/links.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\h5gszwhx.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [{bca9887c-d68a-b6f9-f7eb-a55adcefdbe6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\dpzzjbtqctxxm.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Ztlbqu] "C:\Program Files\Common Files\a?sembly\c?rss.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\qcntpkdm.exe.vir
O4 - Startup: DW_Start.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.usmd.edu/...er/tdserver.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41649A90-B484-11D1-8D75-00C04FC24EE6} (WebEQ Browser Controls) - http://phga.pearsonc...ebEQInstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.log...1/bin/imvid.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10947 bytes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP