Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spyware/Malware/Spamming [RESOLVED]

Started by Trout27 , Jul 24 2008 10:47 PM

  • This topic is locked This topic is locked

#1
Trout27
Posted 24 July 2008 - 10:47 PM

Trout27

    Member

  • Member
  • PipPip
  • 57 posts
My computer has been running extremely slow and I believe it is infected. Also, my in-box has been full of undeliverable mail so I believe that my PC has been hijacked and is spamming. How can I stop this! I have run SuperAntispyware, Adaware & Anti-Malware. Here is my Hi-jack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:29 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon....p;bm=ho_central
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\default\wfbest.exe \s,
O2 - BHO: 0 - {74D1B572-46E9-44DC-2988-8ADBEE4539F3} - C:\Program Files\Internet Explorer\qudanuw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BB583D1E-D38C-EE5E-D908-FEADDBE22096} - C:\WINDOWS\system32\hujcw.dll (file missing)
O2 - BHO: (no name) - {D58E6709-DFBB-4C91-A4D0-57AC83E83827} - C:\WINDOWS\system32\nnllk.dll (file missing)
O2 - BHO: (no name) - {E3907356-4546-45A4-BCCF-A128093AA5C1} - C:\Program Files\Messenger\merot.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] "C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [wywlu] C:\WINDOWS\system32\wywlu.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [System Mechanics Synoptics Services] smss.exe
O4 - HKLM\..\Run: [jqyigl] C:\WINDOWS\system32\jqyigl.exe \u
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [cmlxeptkbiwc] C:\WINDOWS\system32\cmlxeptkbiwc.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Lekuthg] "C:\Documents and Settings\default\Application Data\??crosoft\w?nlogon.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Words] C:\Program Files\Words\Words.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.teachsp...emote/msrdp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: efcyyab - efcyyab.dll (file missing)
O20 - Winlogon Notify: nnllk - C:\WINDOWS\system32\nnllk.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logon Authority (LogonManagerSVC) - Unknown owner - C:\WINDOWS\system32\logonmgr.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10279 bytes
  • 0

Advertisements

#2
fenzodahl512
Posted 24 July 2008 - 10:57 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please uninstall Viewpoint from your computer..



Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




NEXT


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.




Please post the following logs in your next reply... Please post each log in separate post...

1. SDFix
2. ComboFix
3. A fresh HijackThis log (after ComboFix step)


Regards
fenzodah512
  • 0

#3
Trout27
Posted 26 July 2008 - 05:52 PM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
OK, I ran everything that you asked. I will now post the logs in 3 different posts. Here bis the first one, SDFix:

SDFix: Version 1.85

Run by default - Sat 07/26/2008 - 18:43:06.21

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted
C:\DOCUME~1\default\LOCALS~1\Temp\tmp*.tmp - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"c:\\windows\\system32\\ossproxy.exe"="c:\\windows\\system32\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1155155275\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155155275\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\AIM6\\AIM6.EXE"="C:\\Program Files\\AIM6\\AIM6.EXE:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\ijrjvstz.exe"="C:\\WINDOWS\\system32\\ijrjvstz.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\unspfg.exe"="C:\\WINDOWS\\system32\\unspfg.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\system32\\ycsxeb.exe"="C:\\WINDOWS\\system32\\ycsxeb.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\WINDOWS\\System32\\xcwr.exe"="C:\\WINDOWS\\System32\\xcwr.exe:*:Disabled:xcwr"
"C:\\DOCUME~1\\default\\LOCALS~1\\Temp\\06.exe"="C:\\DOCUME~1\\default\\LOCALS~1\\Temp\\06.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\default\\LOCALS~1\\Temp\\13.exe"="C:\\DOCUME~1\\default\\LOCALS~1\\Temp\\13.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\DOCUME~1\\default\\LOCALS~1\\Temp\\22.exe"="C:\\DOCUME~1\\default\\LOCALS~1\\Temp\\22.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\\Documents and Settings\\default\\bvrtp.exe"="C:\\Documents and Settings\\default\\bvrtp.exe:*:Enabled:ENABLE"
"C:\\WINDOWS\\System32\\iyfqynh.exe"="C:\\WINDOWS\\System32\\iyfqynh.exe:*:Enabled:ENABLE"
"C:\\Documents and Settings\\default\\seci.exe"="C:\\Documents and Settings\\default\\seci.exe:*:Enabled:ENABLE"
"C:\\WINDOWS\\System32\\volntvw.exe"="C:\\WINDOWS\\System32\\volntvw.exe:*:Enabled:ENABLE"
"C:\\Documents and Settings\\default\\ishvud.exe"="C:\\Documents and Settings\\default\\ishvud.exe:*:Enabled:ENABLE"
"C:\\WINDOWS\\System32\\dllg.exe"="C:\\WINDOWS\\System32\\dllg.exe:*:Enabled:ENABLE"
"C:\\Documents and Settings\\default\\uts.exe"="C:\\Documents and Settings\\default\\uts.exe:*:Enabled:ENABLE"
"C:\\WINDOWS\\System32\\xfxgoa.exe"="C:\\WINDOWS\\System32\\xfxgoa.exe:*:Enabled:ENABLE"
"C:\\Documents and Settings\\default\\mgsy.exe"="C:\\Documents and Settings\\default\\mgsy.exe:*:Enabled:ENABLE"
"C:\\WINDOWS\\System32\\jqyigl.exe"="C:\\WINDOWS\\System32\\jqyigl.exe:*:Enabled:ENABLE"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\default\\wfbest.exe"="C:\\Documents and Settings\\default\\wfbest.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1155155275\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155155275\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\Uninstall Information\IE40.Comctl32\AINF0000
C:\Program Files\Uninstall Information\mshtml.DllReg\AINF0000
C:\Program Files\MSNDELL\MSNCOREFILES.NEW.{9D6EAA4F-27B2-4407-AC72-4BBD2FCB6ED1}\msdbx.dll.2119.pat.0000.aut
C:\WINDOWS\SYSTEM32\smss.exe
C:\Documents and Settings\default\uts.exe
C:\Documents and Settings\default\ishvud.exe
C:\Documents and Settings\default\mgsy.exe
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1790\A0215605.exe
C:\LOGO.SYS
C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
C:\WINDOWS\SYSTEM32\3317E83D67.sys
C:\SDFix\SDFix\dummy.sys
C:\WINDOWS\DRM\Cache\Indiv01.tmp
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT4.tmp
C:\Documents and Settings\default\My Documents\~WRL0795.tmp
C:\Documents and Settings\default\My Documents\~WRL3812.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL0005.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL2227.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL3410.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL0946.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL3251.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL1398.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL3469.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL1187.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL3848.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL1633.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL3311.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL1699.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL1157.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL2482.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Templates\~WRL2807.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Word\~WRL1983.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Word\~WRL0726.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Word\~WRL4083.tmp
C:\Documents and Settings\default\Application Data\Microsoft\Word\~WRL0980.tmp
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\vz-sas-tutorials-2008-03.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-1.18467.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-1.18467.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-2.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-2.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-3.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-3.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-4.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-4.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-5.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200803-5.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-1.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-1.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\vz-sas-tutorials-2008-04.18467.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-2.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-2.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-3.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-3.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-4.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-4.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-5.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200804-5.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\vz-sas-tutorials-2008-05.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-1.18467.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-1.18467.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-2.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-2.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-3.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-3.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-4.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-4.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-5.41.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200805-5.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\vz-sas-tutorials-2008-07.41.zip.dir\en\for-spa-without-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200807-1.18467.zip.dir\en\for-spa-with-container\images\Thumbs.db
C:\Documents and Settings\default\Application Data\Verizon\VSP\downloads\VerizonSASTip-200807-1.18467.zip.dir\en\for-spa-without-container\images\Thumbs.db

Finished
  • 0

#4
Trout27
Posted 26 July 2008 - 05:54 PM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Here is the next one......ComboFix:

ComboFix 08-07-26.1 - default 2008-07-26 19:32:53.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.107 [GMT -4:00]
Running from: C:\Documents and Settings\default\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\default\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\default\Application Data\CROSOF~1
C:\Documents and Settings\default\Application Data\macromedia\Flash Player\#SharedObjects\26C9KRMG\interclick.com
C:\Documents and Settings\default\Application Data\macromedia\Flash Player\#SharedObjects\26C9KRMG\interclick.com\ud.sol
C:\Documents and Settings\default\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\default\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\default\Application Data\ptads.bin
C:\Program Files\Common Files\racle~1
C:\Program Files\kernel
C:\Program Files\racle~1
C:\Program Files\racle~1\?racle\
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\tn3
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\start.exe
C:\WINDOWS\SYSTEM32\41874.exe
C:\WINDOWS\system32\cqhvwgsb.ini
C:\WINDOWS\SYSTEM32\kllnn.bak2
C:\WINDOWS\SYSTEM32\kllnn.ini
C:\WINDOWS\system32\luhsncri.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nvfabvjj.ini
C:\WINDOWS\system32\o.exe
C:\WINDOWS\system32\pjhikonn.ini
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\uftteotx.ini
C:\WINDOWS\system32\windows.scr
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NET_AGENT
-------\Legacy_SMTPDRV
-------\Service_Net Agent


((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-25 00:40 . 2008-07-25 00:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-18 20:55 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-07-15 18:02 . 2008-07-15 18:02 90,756 --ah----- C:\WINDOWS\SYSTEM32\mlfcache.dat
2008-07-14 22:54 . 2008-07-14 22:55 <DIR> d-------- C:\Program Files\Bonjour
2008-07-14 21:39 . 2008-07-14 21:39 <DIR> d-------- C:\Program Files\Safari
2008-07-04 12:21 . 2008-07-14 09:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 12:21 . 2008-07-04 12:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-03 16:04 . 2008-07-03 16:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 16:04 . 2008-07-03 16:04 <DIR> d-------- C:\Documents and Settings\default\Application Data\Malwarebytes
2008-07-03 16:04 . 2008-07-03 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 16:04 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-07-03 12:40 . 2008-07-03 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 12:26 . 2003-02-20 16:42 229,487 --a------ C:\WINDOWS\SYSTEM32\jpicpl32.cpl
2008-07-02 11:20 . 2008-07-02 11:20 62,464 ---h----- C:\Documents and Settings\default\mgsy.exe
2008-06-26 10:01 . 2008-06-26 10:01 62,464 ---h----- C:\Documents and Settings\default\uts.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 23:41 212,480 ----a-w C:\WINDOWS\system32\drivers\ndisio.sys
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-06-06 01:56 128,368 ----a-w C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
2008-06-02 19:25 61,440 ---h--w C:\Documents and Settings\default\ishvud.exe
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
2008-05-06 11:37 245,760 ----a-w C:\WINDOWS\SYSTEM32\elhrfzkimnc.exe
2008-04-30 11:00 249,856 ----a-w C:\WINDOWS\SYSTEM32\bslcgw.exe
2008-04-30 10:57 249,856 ----a-w C:\WINDOWS\SYSTEM32\sfrjgqhg.exe
2008-04-26 05:19 159,744 ----a-w C:\WINDOWS\SYSTEM32\ipzjhp.exe
2000-10-13 20:56 271 --sh--w C:\Program Files\desktop.ini
2000-10-13 20:56 23,357 ---h--w C:\Program Files\folder.htt
2002-02-01 02:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\IEHelper.dll
2003-04-20 13:15 32 --sha-w C:\WINDOWS\{DE2E190C-863A-4527-BAFC-7A16DEC8D1AC}.dat
2003-04-20 13:15 32 --sha-w C:\WINDOWS\SYSTEM\{122662BE-63CB-406B-8750-5A1AE39F982B}.dat
2004-08-04 07:56 50,688 --sh--r C:\WINDOWS\SYSTEM32\smss.exe
2007-12-26 14:58 2,516 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2007-12-26 14:58 168 --sh--r C:\WINDOWS\SYSTEM32\3317E83D67.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lekuthg"="C:\Documents and Settings\default\Application Data\??crosoft\w?nlogon.exe" [?]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 05:46 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 07:23 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-05 09:20 1506544]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-10 17:31 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-08-10 12:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-10 12:00 28739]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2002-09-27 14:38 4214784]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-12 00:22 176128]
"mmtask"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-29 15:57 53248]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-13 20:13 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-01-13 20:13 49152]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 18:33 1880064]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"nwiz"="nwiz.exe" [2002-09-27 14:38 446464 C:\WINDOWS\SYSTEM32\nwiz.exe]
"System Mechanics Synoptics Services"="smss.exe" [2004-08-04 03:56 50688 C:\WINDOWS\SYSTEM32\smss.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-10-12 17:13 7086080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Printing Migration"="C:\WINDOWS\System32\spool\migrate.dll" [2001-08-23 12:00 30208]

C:\Documents and Settings\default\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-12-02 11:07:10 225280]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-25 17:37 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-07-29 10:33 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"aux"= ctwdm32.dll
"VIDC.CTRX"= ctrxvid.drv
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Puy61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"UpdReg"=C:\WINDOWS\Updreg.exe
"LoadQM"=loadqm.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb03.exe
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe
"RxMon"=C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
"madexe"=C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
"Speed racer"=C:\Program Files\Creative\PlayCenter\CTSRReg.exe
"AudioHQ"=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
"WhenUSave"=C:\PROGRA~1\SAVE\Save.exe
"MMTray"=C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Documents and Settings\\default\\ishvud.exe"=
"C:\\Documents and Settings\\default\\uts.exe"=
"C:\\Documents and Settings\\default\\mgsy.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS [2001-07-11 11:06]
S0 Bgk48;Bgk48;C:\WINDOWS\system32\Drivers\Bgk48.sys []
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [2005-01-12 17:37]
S0 Puy61;Puy61;C:\WINDOWS\system32\Drivers\Puy61.sys []
S2 LogonManagerSVC;Logon Authority;C:\WINDOWS\system32\logonmgr.exe []
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 14:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA]
rundll rnasetup.dll,installoptionalcomponent rna

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job - G;xPF6 s!2b(C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -cdefault9Scheduled Task for PC Health Scheduler (Data Collection)0) []
2008-07-26 C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job - (&C:\WINDOWS\System32\OOBE\oobebaln.exe/sys /u /n:1SYSTEM0(< []
2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!4:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM04 []
.
- - - - ORPHANS REMOVED - - - -

BHO-{74D1B572-46E9-44DC-2988-8ADBEE4539F3} - C:\Program Files\Internet Explorer\qudanuw.dll
BHO-{BB583D1E-D38C-EE5E-D908-FEADDBE22096} - C:\WINDOWS\system32\hujcw.dll
BHO-{D58E6709-DFBB-4C91-A4D0-57AC83E83827} - C:\WINDOWS\system32\nnllk.dll
BHO-{E3907356-4546-45A4-BCCF-A128093AA5C1} - C:\Program Files\Messenger\merot.dll
HKLM-Run-wywlu - C:\WINDOWS\system32\wywlu.exe
HKLM-Run-jqyigl - C:\WINDOWS\system32\jqyigl.exe
HKLM-RunServices-cmlxeptkbiwc - C:\WINDOWS\system32\cmlxeptkbiwc.exe
HKU-Default-Run-Words - C:\Program Files\Words\Words.exe
Notify-nnllk - C:\WINDOWS\system32\nnllk.dll
Notify-efcyyab - efcyyab.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Search Bar =
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\SYSTEM\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://mail.teachspin.com/Remote/msrdp.cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msrdp.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msrdp.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 19:39:46
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\PSISERVICE.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
**************************************************************************
.
Completion time: 2008-07-26 19:45:11 - machine was rebooted [default]
ComboFix-quarantined-files.txt 2008-07-26 23:45:02

Pre-Run: 4,741,775,360 bytes free
Post-Run: 4,628,414,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

285 --- E O F --- 2008-07-10 14:40:20
  • 0

#5
Trout27
Posted 26 July 2008 - 05:56 PM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Here is the last one......Fresh HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:35 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] "C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [System Mechanics Synoptics Services] smss.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Lekuthg] "C:\Documents and Settings\default\Application Data\??crosoft\w?nlogon.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.teachsp...emote/msrdp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logon Authority (LogonManagerSVC) - Unknown owner - C:\WINDOWS\system32\logonmgr.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 9287 bytes
  • 0

#6
fenzodahl512
Posted 27 July 2008 - 12:08 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
Bgk48
Puy61
LogonManagerSVC

File::
C:\WINDOWS\SYSTEM32\elhrfzkimnc.exe
C:\WINDOWS\SYSTEM32\bslcgw.exe
C:\WINDOWS\SYSTEM32\sfrjgqhg.exe
C:\WINDOWS\SYSTEM32\ipzjhp.exe
C:\WINDOWS\system32\Drivers\Bgk48.sys
C:\WINDOWS\system32\Drivers\Puy61.sys
C:\WINDOWS\system32logonmgr.exe
C:\WINDOWS\system32\ijrjvstz.exe
C:\WINDOWS\system32\unspfg.exe
C:\WINDOWS\system32\ycsxeb.exe
C:\WINDOWS\System32\xcwr.exe
C:\Documents and Settings\default\Local Settings\Temp\06.exe
C:\Documents and Settings\default\Local Settings\Temp\13.exe
C:\Documents and Settings\default\Local Settings\Temp\22.exe
C:\Documents and Settings\default\bvrtp.exe
C:\WINDOWS\System32\iyfqynh.exe
C:\Documents and Settings\default\seci.exe
C:\WINDOWS\System32\volntvw.exe
C:\Documents and Settings\default\ishvud.exe
C:\WINDOWS\System32\dllg.exe
C:\Documents and Settings\default\uts.exe
C:\WINDOWS\System32\xfxgoa.exe
C:\Documents and Settings\default\mgsy.exe
C:\WINDOWS\System32\jqyigl.exe
C:\Documents and Settings\default\wfbest.exe
C:\Documents and Settings\default\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

Folder::
C:\Documents and Settings\default\Application Data\??crosoft

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lekuthg"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\ijrjvstz.exe"=-
"C:\\WINDOWS\\system32\\unspfg.exe"=-
"C:\\WINDOWS\\system32\\ycsxeb.exe"=-
"C:\\WINDOWS\\System32\\xcwr.exe"=-
"C:\\DOCUME~1\\default\\LOCALS~1\\Temp\\06.exe"=-
"C:\\DOCUME~1\\default\\LOCALS~1\\Temp\\13.exe"=-
"C:\\DOCUME~1\\default\\LOCALS~1\\Temp\\22.exe"=-
"C:\\Documents and Settings\\default\\bvrtp.exe"=-
"C:\\WINDOWS\\System32\\iyfqynh.exe"=-
"C:\\Documents and Settings\\default\\seci.exe"=-
"C:\\WINDOWS\\System32\\volntvw.exe"=-
"C:\\Documents and Settings\\default\\ishvud.exe"=-
"C:\\WINDOWS\\System32\\dllg.exe"=-
"C:\\Documents and Settings\\default\\uts.exe"=-
"C:\\WINDOWS\\System32\\xfxgoa.exe"=-
"C:\\Documents and Settings\\default\\mgsy.exe"=-
"C:\\WINDOWS\\System32\\jqyigl.exe"=-
"C:\\Documents and Settings\\default\\wfbest.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#7
Trout27
Posted 27 July 2008 - 01:09 PM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
OK.....here are the next to logs. You didn't specify separate posts so they are both in this post. First, the ComboFix Log:

ComboFix 08-07-26.1 - default 2008-07-27 14:49:12.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.161 [GMT -4:00]
Running from: C:\Documents and Settings\default\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\default\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\default\bvrtp.exe
C:\Documents and Settings\default\ishvud.exe
C:\Documents and Settings\default\Local Settings\Temp\06.exe
C:\Documents and Settings\default\Local Settings\Temp\13.exe
C:\Documents and Settings\default\Local Settings\Temp\22.exe
C:\Documents and Settings\default\mgsy.exe
C:\Documents and Settings\default\seci.exe
C:\Documents and Settings\default\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Documents and Settings\default\uts.exe
C:\Documents and Settings\default\wfbest.exe
C:\WINDOWS\SYSTEM32\bslcgw.exe
C:\WINDOWS\System32\dllg.exe
C:\WINDOWS\system32\Drivers\Bgk48.sys
C:\WINDOWS\system32\Drivers\Puy61.sys
C:\WINDOWS\SYSTEM32\elhrfzkimnc.exe
C:\WINDOWS\system32\ijrjvstz.exe
C:\WINDOWS\SYSTEM32\ipzjhp.exe
C:\WINDOWS\System32\iyfqynh.exe
C:\WINDOWS\System32\jqyigl.exe
C:\WINDOWS\SYSTEM32\sfrjgqhg.exe
C:\WINDOWS\system32\unspfg.exe
C:\WINDOWS\System32\volntvw.exe
C:\WINDOWS\System32\xcwr.exe
C:\WINDOWS\System32\xfxgoa.exe
C:\WINDOWS\system32\ycsxeb.exe
C:\WINDOWS\system32logonmgr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\default\ishvud.exe
C:\Documents and Settings\default\mgsy.exe
C:\Documents and Settings\default\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Documents and Settings\default\uts.exe
C:\WINDOWS\SYSTEM32\bslcgw.exe
C:\WINDOWS\SYSTEM32\elhrfzkimnc.exe
C:\WINDOWS\SYSTEM32\ipzjhp.exe
C:\WINDOWS\SYSTEM32\sfrjgqhg.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BGK48
-------\Legacy_LOGONMANAGERSVC
-------\Legacy_PUY61
-------\Service_Bgk48
-------\Service_LogonManagerSVC
-------\Service_Puy61


((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-25 00:40 . 2008-07-25 00:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-18 20:55 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-07-15 18:02 . 2008-07-15 18:02 90,756 --ah----- C:\WINDOWS\SYSTEM32\mlfcache.dat
2008-07-14 22:54 . 2008-07-14 22:55 <DIR> d-------- C:\Program Files\Bonjour
2008-07-14 21:39 . 2008-07-14 21:39 <DIR> d-------- C:\Program Files\Safari
2008-07-04 12:21 . 2008-07-14 09:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 12:21 . 2008-07-04 12:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-03 16:04 . 2008-07-03 16:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 16:04 . 2008-07-03 16:04 <DIR> d-------- C:\Documents and Settings\default\Application Data\Malwarebytes
2008-07-03 16:04 . 2008-07-03 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 16:04 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-07-03 12:40 . 2008-07-03 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 12:26 . 2003-02-20 16:42 229,487 --a------ C:\WINDOWS\SYSTEM32\jpicpl32.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 18:55 212,480 ----a-w C:\WINDOWS\system32\drivers\ndisio.sys
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\dllcache\bthport.sys
2008-06-06 01:56 128,368 ----a-w C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
2000-10-13 20:56 271 --sh--w C:\Program Files\desktop.ini
2000-10-13 20:56 23,357 ---h--w C:\Program Files\folder.htt
2002-02-01 02:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\IEHelper.dll
2003-04-20 13:15 32 --sha-w C:\WINDOWS\{DE2E190C-863A-4527-BAFC-7A16DEC8D1AC}.dat
2003-04-20 13:15 32 --sha-w C:\WINDOWS\SYSTEM\{122662BE-63CB-406B-8750-5A1AE39F982B}.dat
2004-08-04 07:56 50,688 --sh--r C:\WINDOWS\SYSTEM32\smss.exe
2007-12-26 14:58 2,516 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2007-12-26 14:58 168 --sh--r C:\WINDOWS\SYSTEM32\3317E83D67.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 05:46 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 07:23 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-05 09:20 1506544]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-10 17:31 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-08-10 12:00 311350]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-10 12:00 28739]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2002-09-27 14:38 4214784]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-12 00:22 176128]
"mmtask"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-29 15:57 53248]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-13 20:13 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-01-13 20:13 49152]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 18:33 1880064]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"nwiz"="nwiz.exe" [2002-09-27 14:38 446464 C:\WINDOWS\SYSTEM32\nwiz.exe]
"System Mechanics Synoptics Services"="smss.exe" [2004-08-04 03:56 50688 C:\WINDOWS\SYSTEM32\smss.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-10-12 17:13 7086080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Printing Migration"="C:\WINDOWS\System32\spool\migrate.dll" [2001-08-23 12:00 30208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-25 17:37 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-07-29 10:33 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"aux"= ctwdm32.dll
"VIDC.CTRX"= ctrxvid.drv
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Puy61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"UpdReg"=C:\WINDOWS\Updreg.exe
"LoadQM"=loadqm.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb03.exe
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe
"RxMon"=C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
"madexe"=C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
"Speed racer"=C:\Program Files\Creative\PlayCenter\CTSRReg.exe
"AudioHQ"=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
"WhenUSave"=C:\PROGRA~1\SAVE\Save.exe
"MMTray"=C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 09:02]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 06:41]
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS [2001-07-11 11:06]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [2005-01-12 17:37]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 14:15]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA]
rundll rnasetup.dll,installoptionalcomponent rna

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2008-07-27 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job - G;xPF6 s!2b(C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -cdefault9Scheduled Task for PC Health Scheduler (Data Collection)0) []
2008-07-27 C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job - (&C:\WINDOWS\System32\OOBE\oobebaln.exe/sys /u /n:1SYSTEM0(< []
2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!4:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM04 []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 14:54:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\PSISERVICE.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\DEVLDR32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
**************************************************************************
.
Completion time: 2008-07-27 15:00:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-27 19:00:02
ComboFix2.txt 2008-07-26 23:45:18

Pre-Run: 4,568,137,728 bytes free
Post-Run: 4,550,017,024 bytes free

237 --- E O F --- 2008-07-10 14:40:20


Then the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:33 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] "C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [System Mechanics Synoptics Services] smss.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.teachsp...emote/msrdp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 9058 bytes
  • 0

#8
fenzodahl512
Posted 27 July 2008 - 02:20 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Great!.. This is much more clean than the beginning.. Now lets do this..


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator



Please post the following logs in your next reply.. Please post each log in separate post..

1. Malwarebytes'
2. DSS main.txt
3. DSS extra.txt
4. Tell me about your computer behaviour..


Regards
fenzodahl512
  • 0

#9
Trout27
Posted 27 July 2008 - 04:48 PM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
OK.......Here we go, The first post will be the Malware Log. The others will follow in separate posts:

Malwarebytes' Anti-Malware 1.23
Database version: 999
Windows 5.1.2600 Service Pack 2

5:20:07 PM 7/27/2008
mbam-log-7-27-2008 (17-20-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 116164
Time elapsed: 41 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
Trout27
Posted 27 July 2008 - 04:49 PM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
OK, Now the dss.main.txt:

Deckard's System Scanner v20071014.68
Run by default on 2008-07-27 17:33:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-07-27 21:33:37 UTC - RP1796 - Deckard's System Scanner Restore Point
20: 2008-07-27 18:48:44 UTC - RP1795 - ComboFix created restore point
19: 2008-07-26 23:31:57 UTC - RP1794 - ComboFix created restore point
18: 2008-07-26 23:29:01 UTC - RP1793 - ComboFix created restore point
17: 2008-07-26 12:47:54 UTC - RP1792 - System Checkpoint


-- First Restore Point --
1: 2008-07-09 19:59:10 UTC - RP1776 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB recommended).
System Drive C: has 4.22 GiB (less than 15%) free.


-- HijackThis (run as default.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:49 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Verizon\McciBrowser.exe
C:\Documents and Settings\default\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\default.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] "C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [System Mechanics Synoptics Services] smss.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.teachsp...emote/msrdp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 8915 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,21
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,20


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Passthru (Service) - c:\windows\system32\drivers\ndisio.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 Cdr4vsd - c:\windows\system32\drivers\cdr4vsd.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 nhksrv (Netropa NHK Server) - c:\program files\netropa\multimedia keyboard\nhksrv.exe

S2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&15F50029&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&15F50029&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: PlayLinc Adapter
Device ID: ROOT\NET\0000
Manufacturer: Super Computer Inc.
Name: PlayLinc Adapter
PNP Device ID: ROOT\NET\0000
Service: hamachi_oem


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 17:27:10 360 --a------ C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job
2008-07-27 16:40:02 258 --a------ C:\WINDOWS\Tasks\Uninstall Expiration Reminder.job
2008-07-25 14:52:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-05 23:00:02 502 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-26 19:32:32 0 d-------- C:\cmdcons
2008-07-26 19:28:24 68096 --a------ C:\WINDOWS\zip.exe
2008-07-26 19:28:24 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-26 19:28:24 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-26 19:28:24 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-26 19:28:24 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-26 19:28:24 98816 --a------ C:\WINDOWS\sed.exe
2008-07-26 19:28:24 80412 --a------ C:\WINDOWS\grep.exe
2008-07-26 19:28:24 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-25 00:40:16 0 d-------- C:\Program Files\Trend Micro
2008-07-15 18:02:11 90756 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-14 22:54:59 0 d-------- C:\Program Files\Bonjour
2008-07-14 21:39:44 0 d-------- C:\Program Files\Safari
2008-07-03 16:04:42 0 d-------- C:\Documents and Settings\default\Application Data\Malwarebytes
2008-07-03 16:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 16:04:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 12:40:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-07-01 13:42:24 31744 --a------ C:\Documents and Settings\default\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-06-05 21:56:46 128368 --a------ C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
2008-05-10 01:36:34 2645624 --ah----- C:\Documents and Settings\default\Application Data\IconCache.db


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/10/2000 12:00 PM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [08/10/2000 12:00 PM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 03:56 AM C:\WINDOWS\SYSTEM32\rundll32.exe]
"nwiz"="nwiz.exe" [09/27/2002 02:38 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [07/12/2002 12:22 AM]
"mmtask"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/29/2003 03:57 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [05/21/2004 07:11 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/01/2004 11:09 AM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/01/2004 11:03 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [01/13/2006 08:13 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [01/13/2006 08:13 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 05:37 PM]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [02/01/2006 06:33 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"System Mechanics Synoptics Services"="smss.exe" [08/04/2004 03:56 AM C:\WINDOWS\SYSTEM32\smss.exe]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [06/01/2004 05:46 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/14/2007 07:23 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/05/2008 09:20 AM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [06/10/2007 05:31 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Printing Migration"=rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
@=00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/25/2008 05:37 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 07/29/2007 10:33 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Puy61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"UpdReg"=C:\WINDOWS\Updreg.exe
"LoadQM"=loadqm.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb03.exe
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe
"RxMon"=C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
"madexe"=C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
"Speed racer"=C:\Program Files\Creative\PlayCenter\CTSRReg.exe
"AudioHQ"=C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
"WhenUSave"=C:\PROGRA~1\SAVE\Save.exe
"MMTray"=C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA]
rundll rnasetup.dll,installoptionalcomponent rna

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl



-- End of Deckard's System Scanner: finished at 2008-07-27 17:39:51 ------------
  • 0

Advertisements

#11
Trout27
Posted 27 July 2008 - 04:51 PM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Here is the dss extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 383.3 MiB / 118.55 MiB
Pagefile Memory (total/avail): 921.55 MiB / 610.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.35 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 37.25 GiB total, 4.22 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75AUA1 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.27 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1155155275\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155155275\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\default\Application Data
CLASSPATH=.;C:\PROGRA~1\PHOTOD~1.0\ADOBEC~1;C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRMZG01
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\default
LOGONSERVER=\\FRMZG01
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\COMMAND;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\default\LOCALS~1\Temp
TMP=C:\DOCUME~1\default\LOCALS~1\Temp
USERDOMAIN=FRMZG01
USERNAME=default
USERPROFILE=C:\Documents and Settings\default
winbootdir=C:\WINDOWS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

default (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Launcher\Launcher.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\PlayCenter\Player.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Diagnose.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SBLiveXP.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\mrun32.isu
--> MsiExec.exe /I{58DD5143-4417-4F43-A7DD-5B8B29CEDBEA}
--> MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe PhotoDeluxe Home Edition 3.0 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.0\DeIsL1.isu" -c"C:\Program Files\PhotoDeluxe HE 3.0\Uninst.dll"
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Attune 2.3.2 --> MsiExec.exe /I{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}
Bejeweled 2 Deluxe --> "C:\Program Files\MSN Games\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Bejeweled 2 Deluxe\install.log"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{093625E3-7B87-49D3-AA53-AD0FCFABAF49}
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities File Viewer Utility 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Corel Applications --> C:\WINDOWS\COREL\UNINSTAL.EXE
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DraftDominator Version 5.0j Full --> F:\DraftDominator\unins000.exe
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 3840 --> msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
HP Driver Diagnostics --> MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
HyperLoad --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Nabisco\HyperLoad\Uninst.isu"
iPod for Windows 2005-02-22 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
iPod System Software Updater 2.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B02B8E30-EB28-49B0-A60F-696268BAE033} /l1033
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0010_1d197\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\LOGITECH\PRINTS~1\UNWISE.EXE C:\PROGRA~1\LOGITECH\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft IntelliPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABEA93FA-8D65-11D2-98AB-00C04F79C5D1}\setup.exe" Uninstall
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2001 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Modem Helper --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Modem Helper\Uninst.isu"
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Office Keyboard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}\SETUP.EXE" -l0x9
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Pajama Sam Life is Rough When You Lose Your Stuff --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{56C632F1-E684-4033-8390-1C39A1719B01}
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}\SETUP.EXE" ControlPanel
PlayLinc --> MsiExec.exe /I{9CCE527D-356F-41A8-9718-77A68AC065FB}
Presto! ImageFolio LE --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\ImgFolio\DeIsL1.isu"
Presto! PageManager --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL1.isu"
Presto! PageType --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\PageType\DeIsL1.isu"
Presto! PhotoAlbum --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PhotoAlbum\DeIsL1.isu"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Reading Blaster Ages 9-12 --> D:\setup.exe -funiRBM.ins
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Serif DrawPlus 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\INSTALL.LOG
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sound Blaster Live! Value --> C:\Program Files\Creative\SBLive\PROGRAM\CTUNINST.EXE
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Thanksgiving Shoot-out Screen Saver --> C:\PROGRA~1\THANKS~1.1\UNWISE.EXE C:\PROGRA~1\THANKS~1.1\INSTALL.LOG
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims Unleashed --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.exe" -l0009
Update Wizard --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Update Wizard\Uninst.isu" -c"C:\Program Files\Update Wizard\UWUninst.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Verizon Broadband Toolbar --> C:\Program Files\VZBB Toolbar\Uninstall.exe
Verizon Online Help and Support --> C:\PROGRA~1\VERIZON\UNWISE.EXE C:\PROGRA~1\VERIZON\INSTALL.LOG
Verizon Servicepoint 1.3.21 --> "C:\Program Files\Verizon\Servicepoint\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Uninstall --> %SYSTEMROOT%\system32\osuninst.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahtzee --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL2.isu


-- Application Event Log -------------------------------------------------------

Event Record #/Type805 / Error
Event Submitted/Written: 07/27/2008 05:32:35 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type759 / Error
Event Submitted/Written: 07/22/2008 03:13:11 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type735 / Error
Event Submitted/Written: 07/18/2008 08:50:54 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type734 / Error
Event Submitted/Written: 07/18/2008 08:50:54 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type732 / Error
Event Submitted/Written: 07/18/2008 08:44:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wkssvc.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0xc13cff45.
Processing media-specific event for [wkssvc.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type70764 / Error
Event Submitted/Written: 07/27/2008 02:54:03 PM / 07/27/2008 02:54:33 PM
Event ID/Source: 876 / Application Popup
Event Description:
Driver Cdr4vsd.SYS has been blocked from loading.

Event Record #/Type70753 / Error
Event Submitted/Written: 07/27/2008 02:49:11 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type70752 / Error
Event Submitted/Written: 07/27/2008 02:49:11 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type70751 / Error
Event Submitted/Written: 07/27/2008 02:49:11 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type70750 / Error
Event Submitted/Written: 07/27/2008 02:49:11 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-07-27 17:39:51 ------------
  • 0

#12
Trout27
Posted 27 July 2008 - 04:57 PM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
OK, the 3 prior posts are the text files that you requested. Let see, how is the computer behaving. It is definitely running much better. It still seems a bit sluggish but it is older and it may just be getting tired. My daughter has a bunch of crap on here that I am sure is slowing it down. It do not think it is spamming anymore, at least I have not noticed any "undeliverable" notices since late Friday which is good. I have to believe that was slowing things down a bunch. Does it look pretty clean??
  • 0

#13
fenzodahl512
Posted 27 July 2008 - 06:08 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Well, just a little bit more...


I haven't seen any antivirus in your logs.. Antivirus is extremely crucial as without it you will get re-infected again! Do you have any? If you don't, please install ONLY ONE of these free and excellent antivirus below:


I also haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewall below:
After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.




NEXT


Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk48.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Puy61.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\System Mechanics Synoptics Services
EmptyTemp
purity
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please post the following logs in your next reply.. Please post each log in separate post..

1. OTMoveIt2
2. Kaspersky Webscanner
3. A fresh DSS log (after Kaspersky step)


Regards
fenzodahl512
  • 0

#14
Trout27
Posted 28 July 2008 - 05:46 AM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
OK, I did all the stuff you requested although the firewall (PC Tools) has been a challenge. Here are the logs in separate posts, First OTMoveIT2:


Explorer killed successfully
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk48.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk48.sys\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Puy61.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Puy61.sys\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\System Mechanics Synoptics Services >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\System Mechanics Synoptics Services deleted successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272008_234827
  • 0

#15
Trout27
Posted 28 July 2008 - 05:47 AM

Trout27

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Now the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 28, 2008 7:19:06 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/07/2008
Kaspersky Anti-Virus database records: 1017623
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 84255
Number of viruses found: 15
Number of infected objects: 84
Number of suspicious objects: 0
Duration of the scan process: 02:34:00

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM32\DRIVERS\ndisio.sys Infected: Rootkit.Win32.Agent.att skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\REPOSITORY\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\setup86x\dtreg.exe Infected: not-a-virus:RiskTool.Win32.Dtreq.a skipped
C:\WINDOWS\setup86x\logonmgr.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.gen skipped
C:\WINDOWS\setup86x\NetSec.exe Infected: Backdoor.Win32.HacDef.di skipped
C:\WINDOWS\setup86x\wmiserv.exe Infected: Backdoor.Win32.Iroffer.ej skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\PC Tools AntiVirus\PCTAVService.txt Object is locked skipped
C:\Program Files\PC Tools AntiVirus\~ulo Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MarketScoreOS.zip/osmim.dll Infected: not-a-virus:Server-Proxy.Win32.MarketScore.q skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MarketScoreOS.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MarketScoreOS1.zip/osconfig.dll Infected: not-a-virus:Server-Proxy.Win32.MarketScode.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MarketScoreOS1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.h skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar5.zip/rikimles.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip/lpgwemnc.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Report Logs\Report39656.910000000003.xml Object is locked skipped
C:\Documents and Settings\All Users\Application Data\PC Tools\ThreatFire\Orig.db Object is locked skipped
C:\Documents and Settings\default\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\default\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\default\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\default\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\default\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\default\Application Data\Verizon\VSP\client_gateway.log Object is locked skipped
C:\Documents and Settings\default\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-7-27-2008( 21-42-32 ).LOG Object is locked skipped
C:\Documents and Settings\default\Application Data\PC Tools\PC Tools AntiVirus\Application Logs\PCToolsAntivirus.txt Object is locked skipped
C:\Documents and Settings\default\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1787\A0215506.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1790\A0215564.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1790\A0215605.exe Infected: Trojan.Win32.Mondera.gen skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1790\A0215606.exe Infected: Trojan.Win32.Mondera.gen skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1790\A0215654.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1792\A0215742.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1795\A0216006.exe Infected: Trojan.Win32.Mondera.gen skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1795\A0216007.exe Infected: Trojan.Win32.Mondera.gen skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1795\A0216009.exe Infected: Trojan.Win32.Mondera.gen skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1795\A0216019.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1795\A0216026.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0216124.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\change.log Object is locked skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218122.exe Infected: Trojan-Spy.Win32.Zbot.nm skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218123.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218124.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218125.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218126.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218127.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218128.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218129.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218130.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218131.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218132.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218133.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218134.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218135.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218136.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218137.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218138.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218139.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218140.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218141.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218142.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218143.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218144.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218145.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218146.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218147.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218148.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218149.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218150.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218151.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218152.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218153.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218154.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218155.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218156.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1796\A0218157.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1788\A0215512.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1777\A0214806.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1779\A0214828.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1780\A0214861.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1781\A0214877.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1781\A0215323.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1781\A0215334.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1782\A0215349.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1783\A0215368.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1783\A0215389.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1784\A0215402.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1784\A0215408.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1789\A0215536.sys Infected: Rootkit.Win32.Agent.att skipped
C:\System Volume Information\_restore{F6F674A9-BDE7-4192-B000-F862020ECEEB}\RP1794\A0215939.sys Infected: Rootkit.Win32.Agent.att skipped
C:\!KillBox\logon.exe Infected: Backdoor.Win32.IRCBot.crx skipped
C:\QooBox\Quarantine\C\Documents and Settings\default\ishvud.exe.vir Infected: Trojan.Win32.Mondera.gen skipped
C:\QooBox\Quarantine\C\Documents and Settings\default\mgsy.exe.vir Infected: Trojan.Win32.Mondera.gen skipped
C:\QooBox\Quarantine\C\Documents and Settings\default\uts.exe.vir Infected: Trojan.Win32.Mondera.gen skipped

Scan process completed.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP