Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Win32.Agent.wam [RESOLVED]

Started by banquos_ghost , Jul 29 2008 01:34 PM

  • This topic is locked This topic is locked

#1
banquos_ghost
Posted 29 July 2008 - 01:34 PM

banquos_ghost

    Member

  • Member
  • PipPip
  • 10 posts
Hello!

My PC seems to be infected with Trojan.Win32.Agent.wam (or so ZoneAlarm tells me). Neither ZoneAlarm nor F-Secure have proven able to adequately remove the bug from my system, and the filenames provided in the manual removal instructions for Trojan.Win32.Agent.akk, etc. don't seem to match up with what I'm finding when I try to apply them. Can somebody offer me a hand? I'd be most appreciative!

-Brian

Here's my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:47 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\WINDOWS\system32\CTHELPER.EXE
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
G:\Program Files\ESPNRunTime\DIGServices.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\SM1BG.EXE
G:\Program Files\DropBox\DropBox\DropBox.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\explorer.exe
G:\WINDOWS\system32\NOTEPAD.EXE
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [EEventManager] G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DIGServices] G:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] G:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DropBoxUtility] "G:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKLM\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKCU\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-sec.../fshc/fscax.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 10753 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 29 July 2008 - 05:05 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
banquos_ghost
Posted 30 July 2008 - 12:27 AM

banquos_ghost

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for the reply!

I've downloaded and run VundoFix and DSS, as per your instructions.

VundoFix turned up nothing malicious, and left me with only this:

___________________________________________________________________

VundoFix V7.0.6

Scan started at 10:51:17 PM 7/29/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

____________________________________________________________________

Here, as requested, is a current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:02 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\WINDOWS\system32\CTHELPER.EXE
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
G:\Program Files\ESPNRunTime\DIGServices.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\SM1BG.EXE
G:\Program Files\DropBox\DropBox\DropBox.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WINDOWS\notepad.exe
G:\WINDOWS\notepad.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [EEventManager] G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DIGServices] G:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] G:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DropBoxUtility] "G:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKLM\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKCU\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-sec.../fshc/fscax.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 10657 bytes

________________________________________________________________________________
_______

Here, also as requested, are the two .txt documents produced by DSS:

________________________________________________________________________________
_______
(main.txt)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:02 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\WINDOWS\system32\CTHELPER.EXE
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
G:\Program Files\ESPNRunTime\DIGServices.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\SM1BG.EXE
G:\Program Files\DropBox\DropBox\DropBox.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WINDOWS\notepad.exe
G:\WINDOWS\notepad.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [EEventManager] G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DIGServices] G:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] G:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DropBoxUtility] "G:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKLM\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKCU\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-sec.../fshc/fscax.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 10657 bytes

________________________________________________________________________________
(extra.txt)
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023.48 MiB / 552.84 MiB
Pagefile Memory (total/avail): 2462 MiB / 1995.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.37 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 12.37 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 74.51 GiB total, 43.52 GiB free.
F: is Removable (No Media)
G: is Fixed (NTFS) - 74.52 GiB total, 50.3 GiB free.
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST380013AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - G:

\\.\PHYSICALDRIVE1 - ST380013AS - 74.53 GiB - 1 partition
\PARTITION0 - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB Disk USB Device - 74.53 GiB - 1 partition
\PARTITION0 - Unknown - 74.53 GiB - E:

\\.\PHYSICALDRIVE3 - USB2.0 CardReader CF RW USB Device

\\.\PHYSICALDRIVE4 - USB2.0 CardReader Combo USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: F-Secure Internet Security 2008 8.00 v8.00 (F-Secure Corporation)
AV: F-Secure Internet Security 2008 8.00 v8.00 (F-Secure Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"="G:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="G:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"G:\\Program Files\\DropBox\\DropBox\\DropBox.exe"="G:\\Program Files\\DropBox\\DropBox\\DropBox.exe:*:Enabled:DropBox"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=G:\Documents and Settings\All Users
APPDATA=G:\Documents and Settings\Brian\Application Data
CLASSPATH=.;G:\Program Files\QuickTime\QTSystem\QTJava.zip
COLLECTIONID=COL8143
CommonProgramFiles=G:\Program Files\Common Files
COMPUTERNAME=BANQUOSGHOST
ComSpec=G:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=G:
HOMEPATH=\Documents and Settings\Brian
ITEMID=dj-22741-15
LANG=1033
LOGONSERVER=\\BANQUOSGHOST
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
OSVER=winXPP
Path=G:\WINDOWS\system32;G:\WINDOWS;G:\WINDOWS\System32\Wbem;G:\Program Files\Common Files\Roxio Shared\DLLShared;G:\Program Files\QuickTime\QTSystem\;G:\Program Files\Common Files\Roxio Shared\DLLShared\;G:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=G:\Program Files
PROMPT=$P$G
QTJAVA=G:\Program Files\QuickTime\QTSystem\QTJava.zip
RoxioCentral=G:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONID=1165941454312htx6060.cce.hp.com1bb7be:10f82c65710:-2d7e
SESSIONNAME=Console
SWUTVER=1.0.18.30716
SystemDrive=G:
SystemRoot=G:\WINDOWS
TEMP=G:\DOCUME~1\Brian\LOCALS~1\Temp
TIMEOUT=0
TMP=G:\DOCUME~1\Brian\LOCALS~1\Temp
TOOLPATH=/G:/Program%20Files/Hewlett-Packard/HP%20Software%20Update/install.htm
UPDATEDIR=G:\DOCUME~1\Brian\LOCALS~1\Temp\radE632F.tmp
USERDOMAIN=BANQUOSGHOST
USERNAME=Brian
USERPROFILE=G:\Documents and Settings\Brian
VERSION=3.0.5.001
windir=G:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Brian (admin)
Katerina
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "G:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "G:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> G:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> G:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> G:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> G:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> G:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> G:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> G:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
--> MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
--> MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
--> MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
--> MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
--> MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
--> MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{25EF00B9-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{25EF00BF-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 G:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX --> G:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> G:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0 --> msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
allTunes --> G:\PROGRA~1\allTunes\UNWISE.EXE G:\PROGRA~1\allTunes\INSTALL.LOG
AnswerWorks 5.0 English Runtime --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6 --> "G:\Program Files\Audacity\unins000.exe"
Belkin Gigabit Ethernet --> IDriver.exe /M{E9B0271B-E9D6-470B-99A4-BFE4D25D573D} /uninst
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{C178B38F-613A-4EFE-B718-A675BD27A1E1}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{C178B38F-613A-4EFE-B718-A675BD27A1E1}
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Creative System Information --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
Crossword Compiler 7 --> G:\Program Files\Crossword Compiler 7\ccw.exe -Uninstall
Cypress USB Mass Storage Driver Installation --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DivX --> G:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> G:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DropBox --> "G:\Program Files\DropBox\Uninstall.exe"
DVD Decrypter (Remove Only) --> "G:\Program Files\DVD Decrypter\uninstall.exe"
EPSON Attach To Email --> G:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\setup.exe" -l0x9 -UnInstall
EPSON Event Manager --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON File Manager --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Perf 3490 3590 Guide --> G:\Program Files\epson\guide\perf_3490_3590_e\uninstall.exe
EPSON Scan --> G:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
ESPN RunTime --> G:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
F-Secure Internet Security 2008 --> "G:\Program Files\F-Secure Internet Security\FSGUI\PostInstall.exe" /tUnInstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Updater --> "G:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "G:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "G:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 3600 --> msiexec /x{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
KODAK EASYSHARE Gallery Easy Upload, v2.0 --> G:\Documents and Settings\Brian\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_fd592d\Setup.exe /APR-REMOVE
KODAK EASYSHARE Gallery Upload ActiveX Control --> RunDll32 advpack.dll,LaunchINFSection G:\WINDOWS\Downloaded Program Files\axofupld.inf, Uninstall
MathPlayer --> G:\Program Files\Design Science\MathPlayer\Setup.exe -u
Microsoft Compression Client Pack 1.0 for Windows XP --> "G:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Outlook Connector for MSN --> MsiExec.exe /X{DC4DD556-DD03-422A-926B-470746D8B50D}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection G:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "G:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.11) --> G:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> G:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials --> MsiExec.exe /X{EB8DC554-959C-49E9-B816-E488103B1033}
NETGEAR WG111U Software --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{B5ACAA7E-ADC5-4F28-9F27-0C2AF65BB9DD}\SETUP.EXE" -uninst
NVIDIA Drivers --> G:\WINDOWS\system32\nvudisp.exe UninstallGUI
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PCFriendly --> G:\Program Files\PCFriendly\inuninst.exe
Peterson North American Birds --> G:\WINDOWS\uninst16.exe -fg:\PETERSON\DeIsL1.isu -c"g:\PETERSON\UNINST32.DLL"
Presto! BizCard 4.1 Eng --> G:\WINDOWS\IsUninst.exe -f"G:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"G:\WINDOWS\StiRegstEng.dll"
Q-bert 2004 (remove only) --> "G:\Program Files\Yahoo! Games\Q-bert 2004\Uninstall Q-bert 2004.exe"
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> G:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Return of Arcade Anniversary Edition --> "G:\Program Files\Microsoft Games\Return of Arcade AE\UNINSTAL.EXE" /runtemp /addremove
Roxio Media Manager --> MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
Sophos Anti-Rootkit 1.3.1 --> G:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Sound Blaster Audigy 2 ZS --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x9
Tweak UI --> "G:\WINDOWS\system32\mshta.exe" "res://G:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Verizon Online --> G:\WINDOWS\system32\VerizonUninstaller.exe
Verizon Online Consumer DSL 6.0 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{95E1CCAE-8286-4035-B5F7-1B147254A2CB}\Setup.exe" -l0x9 UNINSTALL
Windows Imaging Component --> "G:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "G:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "G:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type6816 / Error
Event Submitted/Written: 07/29/2008 11:12:36 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
9 2008-07-29 23:12:36-07:00 banquosghost BANQUOSGHOST\Brian F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\F-SECURE INTERNET SECURITY\FSAUA\SUBSCRIPTIONS\AVH_ORIONDB was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type6815 / Error
Event Submitted/Written: 07/29/2008 11:10:44 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
8 2008-07-29 23:10:43-07:00 banquosghost BANQUOSGHOST\Brian F-Secure Anti-Virus
Malicious code found in file G:\Documents and Settings\Brian\Local Settings\Temp\ynrunuiw.dll.
Infection: Trojan.Win32.Monder.bdx
Action: The file was renamed.

Event Record #/Type6814 / Error
Event Submitted/Written: 07/29/2008 10:50:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application fsm32.exe, version 7.50.10035.0, faulting module user32.dll, version 5.1.2600.3099, fault address 0x00015a48.
Processing media-specific event for [fsm32.exe!ws!]

Event Record #/Type6813 / Error
Event Submitted/Written: 07/29/2008 10:34:22 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
7 2008-07-29 22:34:22-07:00 banquosghost BANQUOSGHOST\Brian F-Secure Anti-Virus
Malicious code found in file G:\Documents and Settings\Brian\Local Settings\Temp\ynrunuiw.dll.
Infection: Trojan.Win32.Monder.bdx

Event Record #/Type6812 / Error
Event Submitted/Written: 07/29/2008 10:34:21 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
6 2008-07-29 22:34:21-07:00 banquosghost BANQUOSGHOST\Brian F-Secure Anti-Virus
Malicious code found in file G:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\Y6QFPFWN\kb456456[1].
Infection: Trojan.Win32.Monder.bdx



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20873 / Error
Event Submitted/Written: 07/28/2008 02:04:55 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type20866 / Warning
Event Submitted/Written: 07/28/2008 00:17:26 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20854 / Error
Event Submitted/Written: 07/28/2008 11:55:27 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1055" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Event Record #/Type20843 / Error
Event Submitted/Written: 07/27/2008 02:58:03 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type20842 / Warning
Event Submitted/Written: 07/27/2008 02:47:19 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk3\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-07-29 23:14:36 ------------

________________________________________________________________________________
______________

Thanks again for all your help!

-Brian
  • 0

#4
Rorschach112
Posted 30 July 2008 - 09:22 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the main.text again some of it is missing
  • 0

#5
banquos_ghost
Posted 30 July 2008 - 12:54 PM

banquos_ghost

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here it is:

Deckard's System Scanner v20071014.68
Run by Brian on 2008-07-29 23:08:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2008-07-30 06:08:37 UTC - RP744 - Deckard's System Scanner Restore Point
64: 2008-07-28 21:51:20 UTC - RP743 - is 8.00 build 103 Installation
63: 2008-07-27 21:04:15 UTC - RP742 - System Checkpoint
62: 2008-07-26 20:54:22 UTC - RP741 - System Checkpoint
61: 2008-07-25 19:17:10 UTC - RP740 - Last known good configuration


-- First Restore Point --
1: 2008-07-25 19:16:02 UTC - RP680 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Brian.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:33 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\WINDOWS\system32\CTHELPER.EXE
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
G:\Program Files\ESPNRunTime\DIGServices.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\SM1BG.EXE
G:\Program Files\DropBox\DropBox\DropBox.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\IT3A18TZ\dss[1].exe
G:\PROGRA~1\TRENDM~1\HIJACK~1\Brian.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {6230596F-3A44-4CDF-815B-372FA03C75D6} - G:\WINDOWS\system32\tuvwxYrR.dll
O2 - BHO: (no name) - {747DB261-C1AC-4462-8C7D-C25548F5EF46} - G:\WINDOWS\system32\rqRhiHAq.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [EEventManager] G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DIGServices] G:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] G:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DropBoxUtility] "G:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKLM\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKCU\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-sec.../fshc/fscax.cab
O20 - Winlogon Notify: tuvwxYrR - G:\WINDOWS\SYSTEM32\tuvwxYrR.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 11111 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - g:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - g:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pfc (Padus ASPI Shell) - g:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ALCXSENS (Service for WDM 3D Audio Driver) - g:\windows\system32\drivers\alcxsens.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - g:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 ATHFMWDL (NETGEAR WG111U Bootloader driver) - g:\windows\system32\drivers\athfmwdl.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 MEMSWEEP2 - g:\windows\system32\a.tmp (file missing)
S3 WG111U (NETGEAR WG111U Driver) - g:\windows\system32\drivers\wg111u.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5005 Wireless USB Network Adapter>
S4 vsdatant - g:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - g:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "g:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R3 NMIndexingService - "g:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S3 NBService - g:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\E62E86508D00
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\E62E86508D00
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\510AE04D23C01
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\510AE04D23C01
Service: NIC1394

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_1032147B&REV_03\3&2411E6FE&0&F2
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_1032147B&REV_03\3&2411E6FE&0&F2
Service:

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: vsdatant
Device ID: ROOT\LEGACY_VSDATANT\0000
Manufacturer:
Name: vsdatant
PNP Device ID: ROOT\LEGACY_VSDATANT\0000
Service: vsdatant


-- Scheduled Tasks -------------------------------------------------------------

2008-07-19 11:41:01 284 --a------ G:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 22:51:17 0 d-------- G:\VundoFix Backups
2008-07-29 12:31:33 0 d-------- G:\Program Files\Trend Micro
2008-07-28 15:08:04 0 d-------- G:\Documents and Settings\Brian\Application Data\F-Secure
2008-07-28 14:52:20 0 d-------- G:\Documents and Settings\All Users\Application Data\F-Secure
2008-07-28 14:51:26 0 d-------- G:\Program Files\F-Secure Internet Security
2008-07-28 14:37:56 0 d-------- G:\Documents and Settings\All Users\Application Data\fssg
2008-07-27 14:36:44 0 d-------- G:\Program Files\Sophos
2008-07-25 12:15:49 634188 --ahs---- G:\WINDOWS\system32\qAHihRqr.ini2
2008-07-25 12:15:36 323584 --a------ G:\WINDOWS\system32\rqRhiHAq.dll
2008-07-23 18:23:36 33152 --a------ G:\WINDOWS\system32\tuvwxYrR.dll
2008-07-23 18:23:36 33152 --a------ G:\WINDOWS\system32\ssqNEvwx.dll
2008-07-23 18:20:10 0 d-------- G:\Program Files\PCHealthCenter
2008-07-23 18:12:03 0 d-------- G:\Program Files\FreeUndelete


-- Find3M Report ---------------------------------------------------------------

2008-07-29 12:42:38 384 --a------ G:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000004-20021102}.dat
2008-07-29 12:42:38 384 --a------ G:\WINDOWS\system32\DVCState-{00000002-00000000-00000005-00001102-00000004-20021102}.dat
2008-07-28 11:55:45 4212 ---h----- G:\WINDOWS\system32\zllictbl.dat
2008-07-23 23:54:36 0 d-------- G:\Program Files\Google
2008-07-02 22:32:52 0 d-------- G:\Documents and Settings\Brian\Application Data\Adobe
2008-06-06 14:02:20 0 d-------- G:\Program Files\Common Files
2008-06-06 14:02:10 0 d-------- G:\Program Files\Quicken
2008-05-29 13:41:30 256 --a------ G:\WINDOWS\system32\pool.bin
2008-05-11 08:49:32 69032 --a------ G:\Documents and Settings\Brian\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6230596F-3A44-4CDF-815B-372FA03C75D6}]
07/23/2008 06:23 PM 33152 --a------ G:\WINDOWS\system32\tuvwxYrR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{747DB261-C1AC-4462-8C7D-C25548F5EF46}]
07/25/2008 12:15 PM 323584 --a------ G:\WINDOWS\system32\rqRhiHAq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [04/22/2004 09:24 PM]
"nwiz"="nwiz.exe" [04/22/2004 09:24 PM G:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [04/22/2004 09:24 PM]
"type32"="G:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM]
"IntelliPoint"="G:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"CTHelper"="CTHELPER.EXE" [10/05/2003 11:57 PM G:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [12/03/2002 06:06 PM]
"UpdReg"="G:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"HP Component Manager"="G:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]
"HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [11/10/2003 12:12 PM]
"EEventManager"="G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [04/08/2005 03:09 PM]
"DIGServices"="G:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 11:18 AM]
"Adobe Photo Downloader"="G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [09/09/2005 01:18 AM]
"TkBellExe"="G:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/25/2007 10:26 AM]
"SM1BG"="G:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"DropBoxUtility"="G:\Program Files\DropBox\DropBox\DropBox.exe" [12/02/2007 03:26 PM]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"@"="" []
"RoxWatchTray"="G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 08:56 AM]
"NeroFilterCheck"="G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"+"="" []
"3456789:;<=>?@ABCDEFGexe"="()*+" []
"F-Secure Manager"="G:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [04/04/2008 11:10 AM]
"F-Secure TNB"="G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [04/04/2008 11:09 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/31/2007 01:48 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"MSMSGS"="G:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"WMPNSCFG"="G:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"+,-./0123456789:;<=exe"=" !#$%&'()*+,-./0123456789:;<=exe" []
"3456789:;<=>?@ABCDEFGexe"="()*+,-./0123456789:;<=>?@ABCDEFGexe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
Google Updater.lnk - G:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/7/2006 11:00:39 AM]
Microsoft Office.lnk - G:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Smart Wizard Wireless Settings.lnk - G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe [8/28/2005 8:33:21 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6230596F-3A44-4CDF-815B-372FA03C75D6}"= G:\WINDOWS\system32\tuvwxYrR.dll [07/23/2008 06:23 PM 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwxYrR]
tuvwxYrR.dll 07/23/2008 06:23 PM 33152 G:\WINDOWS\system32\tuvwxYrR.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 G:\WINDOWS\system32\rqRhiHAq

*Newly Created Service* - PCANDIS5



-- End of Deckard's System Scanner: finished at 2008-07-29 23:14:36 ------------
  • 0

#6
Rorschach112
Posted 30 July 2008 - 04:52 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
G:\WINDOWS\system32\qAHihRqr.ini2
G:\WINDOWS\system32\rqRhiHAq.dll
G:\WINDOWS\system32\tuvwxYrR.dll
G:\WINDOWS\system32\ssqNEvwx.dll
G:\Program Files\PCHealthCenter
purity 
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Also post a new DSS log
  • 0

#7
banquos_ghost
Posted 31 July 2008 - 12:18 AM

banquos_ghost

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here's the OTMoveIt2 log:

Explorer killed successfully
G:\WINDOWS\system32\qAHihRqr.ini2 moved successfully.
DllUnregisterServer procedure not found in G:\WINDOWS\system32\rqRhiHAq.dll
G:\WINDOWS\system32\rqRhiHAq.dll NOT unregistered.
G:\WINDOWS\system32\rqRhiHAq.dll moved successfully.
DllUnregisterServer procedure not found in G:\WINDOWS\system32\tuvwxYrR.dll
G:\WINDOWS\system32\tuvwxYrR.dll NOT unregistered.
File move failed. G:\WINDOWS\system32\tuvwxYrR.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in G:\WINDOWS\system32\ssqNEvwx.dll
G:\WINDOWS\system32\ssqNEvwx.dll NOT unregistered.
G:\WINDOWS\system32\ssqNEvwx.dll moved successfully.
G:\Program Files\PCHealthCenter moved successfully.
< purity >
< EmptyTemp >
File delete failed. G:\WINDOWS\temp\nvcbin.def.AB37B891.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07302008_164245

Files moved on Reboot...
DllUnregisterServer procedure not found in G:\WINDOWS\system32\tuvwxYrR.dll
G:\WINDOWS\system32\tuvwxYrR.dll NOT unregistered.
File move failed. G:\WINDOWS\system32\tuvwxYrR.dll scheduled to be moved on reboot.
File move failed. G:\WINDOWS\temp\nvcbin.def.AB37B891.TMP scheduled to be moved on reboot.


...and here's an updated DSS log:

Deckard's System Scanner v20071014.68
Run by Brian on 2008-07-30 18:06:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Brian.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:51 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\WINDOWS\system32\CTHELPER.EXE
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
G:\Program Files\ESPNRunTime\DIGServices.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\SM1BG.EXE
G:\Program Files\DropBox\DropBox\DropBox.exe
G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Documents and Settings\Brian\Desktop\dss.exe
G:\PROGRA~1\TRENDM~1\HIJACK~1\Brian.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {3C2AFF18-43BC-41B0-B523-664F95010DE1} - G:\WINDOWS\system32\rqRhiHAq.dll (file missing)
O2 - BHO: (no name) - {6230596F-3A44-4CDF-815B-372FA03C75D6} - G:\WINDOWS\system32\tuvwxYrR.dll
O2 - BHO: (no name) - {95260F93-9758-4B43-B609-B917968436A3} - G:\WINDOWS\system32\urqpnMcB.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [EEventManager] G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DIGServices] G:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] G:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DropBoxUtility] "G:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKLM\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKCU\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-sec.../fshc/fscax.cab
O20 - Winlogon Notify: tuvwxYrR - G:\WINDOWS\SYSTEM32\tuvwxYrR.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 11228 bytes

-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-30 16:52:40 99712 --a------ G:\WINDOWS\system32\sjodyrye.dll
2008-07-30 16:51:53 640270 --ahs---- G:\WINDOWS\system32\BcMnpqru.ini2
2008-07-30 16:51:43 323328 --a------ G:\WINDOWS\system32\urqpnMcB.dll
2008-07-29 22:51:17 0 d-------- G:\VundoFix Backups
2008-07-29 12:31:33 0 d-------- G:\Program Files\Trend Micro
2008-07-28 15:08:04 0 d-------- G:\Documents and Settings\Brian\Application Data\F-Secure
2008-07-28 14:52:20 0 d-------- G:\Documents and Settings\All Users\Application Data\F-Secure
2008-07-28 14:51:26 0 d-------- G:\Program Files\F-Secure Internet Security
2008-07-28 14:37:56 0 d-------- G:\Documents and Settings\All Users\Application Data\fssg
2008-07-27 14:36:44 0 d-------- G:\Program Files\Sophos
2008-07-23 18:23:36 33152 --a------ G:\WINDOWS\system32\tuvwxYrR.dll
2008-07-23 18:12:03 0 d-------- G:\Program Files\FreeUndelete


-- Find3M Report ---------------------------------------------------------------

2008-07-30 16:59:46 384 --a------ G:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000004-20021102}.dat
2008-07-30 16:59:46 384 --a------ G:\WINDOWS\system32\DVCState-{00000002-00000000-00000005-00001102-00000004-20021102}.dat
2008-07-28 11:55:45 4212 --ah----- G:\WINDOWS\system32\zllictbl.dat
2008-07-23 23:54:36 0 d-------- G:\Program Files\Google
2008-07-02 22:32:52 0 d-------- G:\Documents and Settings\Brian\Application Data\Adobe
2008-06-06 14:02:20 0 d-------- G:\Program Files\Common Files
2008-06-06 14:02:10 0 d-------- G:\Program Files\Quicken
2008-05-29 13:41:30 256 --a------ G:\WINDOWS\system32\pool.bin
2008-05-11 08:49:32 69032 --a------ G:\Documents and Settings\Brian\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C2AFF18-43BC-41B0-B523-664F95010DE1}]
G:\WINDOWS\system32\rqRhiHAq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6230596F-3A44-4CDF-815B-372FA03C75D6}]
07/23/2008 06:23 PM 33152 --a------ G:\WINDOWS\system32\tuvwxYrR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95260F93-9758-4B43-B609-B917968436A3}]
07/30/2008 04:51 PM 323328 --a------ G:\WINDOWS\system32\urqpnMcB.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [04/22/2004 09:24 PM]
"nwiz"="nwiz.exe" [04/22/2004 09:24 PM G:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [04/22/2004 09:24 PM]
"type32"="G:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM]
"IntelliPoint"="G:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM]
"CTHelper"="CTHELPER.EXE" [10/05/2003 11:57 PM G:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [12/03/2002 06:06 PM]
"UpdReg"="G:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"HP Component Manager"="G:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]
"HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [11/10/2003 12:12 PM]
"EEventManager"="G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [04/08/2005 03:09 PM]
"DIGServices"="G:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 11:18 AM]
"Adobe Photo Downloader"="G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [09/09/2005 01:18 AM]
"TkBellExe"="G:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/25/2007 10:26 AM]
"SM1BG"="G:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"DropBoxUtility"="G:\Program Files\DropBox\DropBox\DropBox.exe" [12/02/2007 03:26 PM]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"@"="" []
"RoxWatchTray"="G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 08:56 AM]
"NeroFilterCheck"="G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"+"="" []
"3456789:;<=>?@ABCDEFGexe"="()*+" []
"F-Secure Manager"="G:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [04/04/2008 11:10 AM]
"F-Secure TNB"="G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [04/04/2008 11:09 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/31/2007 01:48 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM]
"MSMSGS"="G:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"WMPNSCFG"="G:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"+,-./0123456789:;<=exe"=" !#$%&'()*+,-./0123456789:;<=exe" []
"3456789:;<=>?@ABCDEFGexe"="()*+,-./0123456789:;<=>?@ABCDEFGexe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
Google Updater.lnk - G:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/7/2006 11:00:39 AM]
Microsoft Office.lnk - G:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Smart Wizard Wireless Settings.lnk - G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe [8/28/2005 8:33:21 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6230596F-3A44-4CDF-815B-372FA03C75D6}"= G:\WINDOWS\system32\tuvwxYrR.dll [07/23/2008 06:23 PM 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwxYrR]
tuvwxYrR.dll 07/23/2008 06:23 PM 33152 G:\WINDOWS\system32\tuvwxYrR.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 G:\WINDOWS\system32\urqpnMcB




-- End of Deckard's System Scanner: finished at 2008-07-30 18:07:40 ------------
  • 0

#8
Rorschach112
Posted 31 July 2008 - 05:49 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#9
banquos_ghost
Posted 01 August 2008 - 12:40 AM

banquos_ghost

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi -- Sorry for the delay. I lost internet connectivity this morning and wasn't able to restore it until after work tonight. Here's the ComboFix log:

ComboFix 08-07-31.01 - Brian 2008-07-31 23:18:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.534 [GMT -7:00]
Running from: G:\Documents and Settings\Brian\Desktop\ComboFix.exe
Command switches used :: G:\Documents and Settings\Brian\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Documents and Settings\Brian\Application Data\macromedia\Flash Player\#SharedObjects\76RUQLA2\interclick.com
G:\Documents and Settings\Brian\Application Data\macromedia\Flash Player\#SharedObjects\76RUQLA2\interclick.com\ud.sol
G:\Documents and Settings\Brian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
G:\Documents and Settings\Brian\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
G:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\#SharedObjects\48785GGR\interclick.com
G:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\#SharedObjects\48785GGR\interclick.com\ud.sol
G:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
G:\Documents and Settings\Katerina\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
G:\WINDOWS\cookies.ini
G:\WINDOWS\system32\BcMnpqru.ini
G:\WINDOWS\system32\BcMnpqru.ini2
G:\WINDOWS\system32\mcrh.tmp
G:\WINDOWS\system32\qAHihRqr.ini
G:\WINDOWS\system32\sex1.ico
G:\WINDOWS\system32\sex2.ico
G:\WINDOWS\system32\shojkdgd.ini
G:\WINDOWS\system32\tuvwxYrR.dll
G:\WINDOWS\system32\urqpnMcB.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-07-31 22:26 . 2008-07-31 22:26 99,712 --a------ G:\WINDOWS\system32\dgdkjohs.0ll
2008-07-31 22:23 . 2008-07-31 22:23 99,712 --a------ G:\WINDOWS\system32\jwnjbnjb.dll
2008-07-30 16:52 . 2008-07-30 16:52 99,712 --a------ G:\WINDOWS\system32\sjodyrye.dll
2008-07-30 16:42 . 2008-07-30 16:42 <DIR> d-------- G:\_OTMoveIt
2008-07-29 23:08 . 2008-07-29 23:08 <DIR> d-------- G:\Deckard
2008-07-29 22:51 . 2008-07-29 22:51 <DIR> d-------- G:\VundoFix Backups
2008-07-29 12:31 . 2008-07-29 12:31 <DIR> d-------- G:\Program Files\Trend Micro
2008-07-28 15:08 . 2008-07-31 23:30 <DIR> d-------- G:\Documents and Settings\Brian\Application Data\F-Secure
2008-07-28 14:53 . 2008-04-04 11:08 57,856 --a------ G:\WINDOWS\system32\drivers\fsdfw.sys
2008-07-28 14:53 . 2008-04-04 11:08 36,736 --a------ G:\WINDOWS\system32\drivers\fsndis5.sys
2008-07-28 14:52 . 2008-07-28 14:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\F-Secure
2008-07-28 14:51 . 2008-07-28 14:55 <DIR> d-------- G:\Program Files\F-Secure Internet Security
2008-07-28 14:37 . 2008-07-28 14:50 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\fssg
2008-07-27 14:36 . 2008-07-27 14:36 <DIR> d-------- G:\Program Files\Sophos
2008-07-23 18:12 . 2008-07-28 14:41 <DIR> d-------- G:\Program Files\FreeUndelete
2008-07-08 10:33 . 2008-07-30 12:03 54,156 --ah----- G:\WINDOWS\QTFont.qfn
2008-07-08 10:33 . 2008-07-08 10:33 1,409 --a------ G:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 06:45 --------- d-----w G:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-24 06:54 --------- d-----w G:\Program Files\Google
2008-06-20 10:45 360,320 ----a-w G:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w G:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w G:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w G:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 21:02 --------- d-----w G:\Program Files\Quicken
2008-05-11 15:49 69,032 ----a-w G:\Documents and Settings\Brian\Application Data\GDIPFONTCACHEV1.DAT
2008-04-29 00:40 52,792 ----a-w G:\Documents and Settings\Katerina\Application Data\GDIPFONTCACHEV1.DAT
2006-12-29 21:05 20,323,355 ----a-w G:\Program Files\SonicCinePlayerDVDDecoderPackv2.31_SDD.exe
2006-03-27 17:42 50,256 ----a-w G:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 21:19 36,963 ------w G:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3456789:;<=>?@ABCDEFGexe"="()*+" [?]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 01:48 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"MSMSGS"="G:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"WMPNSCFG"="G:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3456789:;<=>?@ABCDEFGexe"="()*+" [?]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2004-04-22 21:24 3756032]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2004-04-22 21:24 46080]
"type32"="G:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51 172032]
"IntelliPoint"="G:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"SBDrvDet"="G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="G:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"HP Component Manager"="G:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 12:12 176128]
"EEventManager"="G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09 102400]
"DIGServices"="G:\Program Files\ESPNRunTime\DIGServices.exe" [2005-10-31 11:18 101888]
"Adobe Photo Downloader"="G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"TkBellExe"="G:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-25 10:26 185632]
"SM1BG"="G:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20 94208]
"DropBoxUtility"="G:\Program Files\DropBox\DropBox\DropBox.exe" [2007-12-02 15:26 258048]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"RoxWatchTray"="G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 08:56 236016]
"NeroFilterCheck"="G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"F-Secure Manager"="G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" [2008-04-04 11:10 182936]
"F-Secure TNB"="G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-04-04 11:09 739936]
"nwiz"="nwiz.exe" [2004-04-22 21:24 831488 G:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-10-05 23:57 24576 G:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 G:\WINDOWS\system32\narrator.exe]

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
Google Updater.lnk - G:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-08-07 11:00:39 124912]
Microsoft Office.lnk - G:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Smart Wizard Wireless Settings.lnk - G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe [2005-08-28 20:33:21 1073238]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 G:\WINDOWS\system32\urqpnMcB

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=

R0 FSFW;F-Secure Firewall Driver;G:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-04 11:08]
R1 F-Secure HIPS;F-Secure HIPS;G:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-04-04 11:09]
R2 PfDetNT;PfDetNT;G:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 00:07]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;G:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2008-04-04 11:07]
S3 ATHFMWDL;NETGEAR WG111U Bootloader driver;G:\WINDOWS\system32\Drivers\athfmwdl.sys [2004-11-12 16:49]
S3 WG111U;NETGEAR WG111U Driver;G:\WINDOWS\system32\DRIVERS\wg111u.sys [2004-11-12 16:49]
S4 F-Secure Filter;F-Secure File System Filter;G:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-04-04 11:07]
S4 F-Secure Recognizer;F-Secure File System Recognizer;G:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-04-04 11:07]

*Newly Created Service* - PCANDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-07-19 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3C2AFF18-43BC-41B0-B523-664F95010DE1} - G:\WINDOWS\system32\rqRhiHAq.dll
HKLM-Run-f27463f4 - G:\WINDOWS\system32\dgdkjohs.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - G:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\t04erwsc.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 23:33:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\Windows Media Player\wmpnetwk.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav32.exe
G:\WINDOWS\system32\rundll32.exe
G:\PROGRA~1\F-SECU~1\Common\FSM32.EXE
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-07-31 23:38:09 - machine was rebooted [Brian]
ComboFix-quarantined-files.txt 2008-08-01 06:38:02

Pre-Run: 53,992,013,824 bytes free
Post-Run: 54,998,523,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
G:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

192 --- E O F --- 2008-07-09 20:54:26






and here's the latest from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:26 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\WINDOWS\system32\svchost.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
G:\Program Files\ESPNRunTime\DIGServices.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\SM1BG.EXE
G:\Program Files\DropBox\DropBox\DropBox.exe
G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\WINDOWS\explorer.exe
G:\WINDOWS\system32\notepad.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [EEventManager] G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DIGServices] G:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] G:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DropBoxUtility] "G:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKLM\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKCU\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1217486234953
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-sec.../fshc/fscax.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 10939 bytes

Thanks!
-Brian
  • 0

#10
banquos_ghost
Posted 01 August 2008 - 12:43 AM

banquos_ghost

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I think though that F-Secure was still operational when I ran ComboFix...I thought I'd disabled it but the log seems to suggest otherwise.

Should I go through the ComboFix process again? (And if so, will I need to re-install Windows Recovery Console?)

Let me know, and thanks so much for your help.

Yours
Brian
  • 0

Advertisements

#11
Rorschach112
Posted 01 August 2008 - 06:23 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No need

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
G:\WINDOWS\system32\dgdkjohs.0ll
G:\WINDOWS\system32\jwnjbnjb.dll
G:\WINDOWS\system32\sjodyrye.dll

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall





Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also post a new HijackThis log
  • 0

#12
banquos_ghost
Posted 01 August 2008 - 02:50 PM

banquos_ghost

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Okay. Here's the MBAM log:

Malwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 5.1.2600 Service Pack 2

1:46:03 PM 8/1/2008
mbam-log-8-1-2008 (13-46-03).txt

Scan type: Quick Scan
Objects scanned: 45023
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\G:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
G:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.





and here's another HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:22 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\WINDOWS\system32\CTHELPER.EXE
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
G:\Program Files\ESPNRunTime\DIGServices.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\SM1BG.EXE
G:\Program Files\DropBox\DropBox\DropBox.exe
G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\WINDOWS\explorer.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [EEventManager] G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DIGServices] G:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] G:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DropBoxUtility] "G:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKLM\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKCU\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1217486234953
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-sec.../fshc/fscax.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 10965 bytes




You didn't specifically request that I do so, but I figure it can't hurt to post today's ComboFix log while I'm at it...so here it is:

ComboFix 08-07-31.01 - Brian 2008-08-01 13:22:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.500 [GMT -7:00]
Running from: G:\Documents and Settings\Brian\Desktop\ComboFix.exe
Command switches used :: G:\Documents and Settings\Brian\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
G:\WINDOWS\system32\dgdkjohs.0ll
G:\WINDOWS\system32\jwnjbnjb.dll
G:\WINDOWS\system32\sjodyrye.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINDOWS\system32\dgdkjohs.0ll
G:\WINDOWS\system32\jwnjbnjb.dll
G:\WINDOWS\system32\sjodyrye.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-07-30 16:42 . 2008-07-30 16:42 <DIR> d-------- G:\_OTMoveIt
2008-07-29 23:08 . 2008-07-29 23:08 <DIR> d-------- G:\Deckard
2008-07-29 22:51 . 2008-07-29 22:51 <DIR> d-------- G:\VundoFix Backups
2008-07-29 12:31 . 2008-07-29 12:31 <DIR> d-------- G:\Program Files\Trend Micro
2008-07-28 15:08 . 2008-07-31 23:30 <DIR> d-------- G:\Documents and Settings\Brian\Application Data\F-Secure
2008-07-28 14:53 . 2008-04-04 11:08 57,856 --a------ G:\WINDOWS\system32\drivers\fsdfw.sys
2008-07-28 14:53 . 2008-04-04 11:08 36,736 --a------ G:\WINDOWS\system32\drivers\fsndis5.sys
2008-07-28 14:52 . 2008-07-28 14:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\F-Secure
2008-07-28 14:51 . 2008-07-28 14:55 <DIR> d-------- G:\Program Files\F-Secure Internet Security
2008-07-28 14:37 . 2008-07-28 14:50 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\fssg
2008-07-27 14:36 . 2008-07-27 14:36 <DIR> d-------- G:\Program Files\Sophos
2008-07-23 18:12 . 2008-07-28 14:41 <DIR> d-------- G:\Program Files\FreeUndelete
2008-07-08 10:33 . 2008-07-30 12:03 54,156 --ah----- G:\WINDOWS\QTFont.qfn
2008-07-08 10:33 . 2008-07-08 10:33 1,409 --a------ G:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 19:35 --------- d-----w G:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-24 06:54 --------- d-----w G:\Program Files\Google
2008-06-20 17:41 245,248 ----a-w G:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w G:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w G:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w G:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w G:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 21:02 --------- d-----w G:\Program Files\Quicken
2008-05-11 15:49 69,032 ----a-w G:\Documents and Settings\Brian\Application Data\GDIPFONTCACHEV1.DAT
2008-05-07 05:18 1,287,680 ----a-w G:\WINDOWS\system32\quartz.dll
2008-04-29 00:40 52,792 ----a-w G:\Documents and Settings\Katerina\Application Data\GDIPFONTCACHEV1.DAT
2006-12-29 21:05 20,323,355 ----a-w G:\Program Files\SonicCinePlayerDVDDecoderPackv2.31_SDD.exe
2006-03-27 17:42 50,256 ----a-w G:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 21:19 36,963 ------w G:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3456789:;<=>?@ABCDEFGexe"="()*+" [?]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 01:48 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"MSMSGS"="G:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"WMPNSCFG"="G:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3456789:;<=>?@ABCDEFGexe"="()*+" [?]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2004-04-22 21:24 3756032]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2004-04-22 21:24 46080]
"type32"="G:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51 172032]
"IntelliPoint"="G:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"SBDrvDet"="G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="G:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"HP Component Manager"="G:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 12:12 176128]
"EEventManager"="G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09 102400]
"DIGServices"="G:\Program Files\ESPNRunTime\DIGServices.exe" [2005-10-31 11:18 101888]
"Adobe Photo Downloader"="G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"TkBellExe"="G:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-25 10:26 185632]
"SM1BG"="G:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20 94208]
"DropBoxUtility"="G:\Program Files\DropBox\DropBox\DropBox.exe" [2007-12-02 15:26 258048]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"RoxWatchTray"="G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 08:56 236016]
"NeroFilterCheck"="G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"F-Secure Manager"="G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" [2008-04-04 11:10 182936]
"F-Secure TNB"="G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-04-04 11:09 739936]
"nwiz"="nwiz.exe" [2004-04-22 21:24 831488 G:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-10-05 23:57 24576 G:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 G:\WINDOWS\system32\narrator.exe]

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
Google Updater.lnk - G:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-08-07 11:00:39 124912]
Microsoft Office.lnk - G:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Smart Wizard Wireless Settings.lnk - G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe [2005-08-28 20:33:21 1073238]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=

R0 FSFW;F-Secure Firewall Driver;G:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-04 11:08]
R1 F-Secure HIPS;F-Secure HIPS;G:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-04-04 11:09]
R2 PfDetNT;PfDetNT;G:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 00:07]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;G:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2008-04-04 11:07]
S3 ATHFMWDL;NETGEAR WG111U Bootloader driver;G:\WINDOWS\system32\Drivers\athfmwdl.sys [2004-11-12 16:49]
S3 WG111U;NETGEAR WG111U Driver;G:\WINDOWS\system32\DRIVERS\wg111u.sys [2004-11-12 16:49]
S4 F-Secure Filter;F-Secure File System Filter;G:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-04-04 11:07]
S4 F-Secure Recognizer;F-Secure File System Recognizer;G:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-04-04 11:07]

*Newly Created Service* - PCANDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-07-19 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 13:28:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\Program Files\Windows Media Player\wmpnetwk.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\PROGRA~1\F-SECU~1\Common\FSM32.EXE
G:\PROGRA~1\F-SECU~1\FSGUI\fsguidll.exe
G:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav32.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-08-01 13:33:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-01 20:33:14
ComboFix2.txt 2008-08-01 06:38:14

Pre-Run: 55,014,658,048 bytes free
Post-Run: 55,005,634,560 bytes free

160 --- E O F --- 2008-07-09 20:54:26


Thanks again!

-Brian
  • 0

#13
Rorschach112
Posted 01 August 2008 - 03:15 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::
O4 - HKLM\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKLM\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe
O4 - HKCU\..\Run: [+,-./0123456789:;<=exe] !"#$%&'()*+,-./0123456789:;<=exe
O4 - HKCU\..\Run: [3456789:;<=>?@ABCDEFGexe] ()*+,-./0123456789:;<=>?@ABCDEFGexe

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Also post a new HijackThis log
  • 0

#14
banquos_ghost
Posted 01 August 2008 - 03:59 PM

banquos_ghost

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Done. Here's the ComboFix log:

ComboFix 08-07-31.01 - Brian 2008-08-01 14:52:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.541 [GMT -7:00]
Running from: G:\Documents and Settings\Brian\Desktop\ComboFix.exe
Command switches used :: G:\Documents and Settings\Brian\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-08-01 13:38 . 2008-08-01 13:38 <DIR> d-------- G:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 13:38 . 2008-08-01 13:38 <DIR> d-------- G:\Documents and Settings\Brian\Application Data\Malwarebytes
2008-08-01 13:38 . 2008-08-01 13:38 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-01 13:38 . 2008-07-30 20:07 38,472 --a------ G:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 13:38 . 2008-07-30 20:07 17,144 --a------ G:\WINDOWS\system32\drivers\mbam.sys
2008-07-30 16:42 . 2008-07-30 16:42 <DIR> d-------- G:\_OTMoveIt
2008-07-29 23:08 . 2008-07-29 23:08 <DIR> d-------- G:\Deckard
2008-07-29 22:51 . 2008-07-29 22:51 <DIR> d-------- G:\VundoFix Backups
2008-07-29 12:31 . 2008-07-29 12:31 <DIR> d-------- G:\Program Files\Trend Micro
2008-07-28 15:08 . 2008-07-31 23:30 <DIR> d-------- G:\Documents and Settings\Brian\Application Data\F-Secure
2008-07-28 14:53 . 2008-04-04 11:08 57,856 --a------ G:\WINDOWS\system32\drivers\fsdfw.sys
2008-07-28 14:53 . 2008-04-04 11:08 36,736 --a------ G:\WINDOWS\system32\drivers\fsndis5.sys
2008-07-28 14:52 . 2008-07-28 14:52 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\F-Secure
2008-07-28 14:51 . 2008-07-28 14:55 <DIR> d-------- G:\Program Files\F-Secure Internet Security
2008-07-28 14:37 . 2008-07-28 14:50 <DIR> d-------- G:\Documents and Settings\All Users\Application Data\fssg
2008-07-27 14:36 . 2008-07-27 14:36 <DIR> d-------- G:\Program Files\Sophos
2008-07-23 18:12 . 2008-07-28 14:41 <DIR> d-------- G:\Program Files\FreeUndelete
2008-07-08 10:33 . 2008-07-30 12:03 54,156 --ah----- G:\WINDOWS\QTFont.qfn
2008-07-08 10:33 . 2008-07-08 10:33 1,409 --a------ G:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 19:35 --------- d-----w G:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-24 06:54 --------- d-----w G:\Program Files\Google
2008-06-20 17:41 245,248 ----a-w G:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w G:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w G:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w G:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w G:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 21:02 --------- d-----w G:\Program Files\Quicken
2008-05-11 15:49 69,032 ----a-w G:\Documents and Settings\Brian\Application Data\GDIPFONTCACHEV1.DAT
2008-05-07 05:18 1,287,680 ----a-w G:\WINDOWS\system32\quartz.dll
2008-04-29 00:40 52,792 ----a-w G:\Documents and Settings\Katerina\Application Data\GDIPFONTCACHEV1.DAT
2006-12-29 21:05 20,323,355 ----a-w G:\Program Files\SonicCinePlayerDVDDecoderPackv2.31_SDD.exe
2006-03-27 17:42 50,256 ----a-w G:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 21:19 36,963 ------w G:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 01:48 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"MSMSGS"="G:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"WMPNSCFG"="G:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2004-04-22 21:24 3756032]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2004-04-22 21:24 46080]
"type32"="G:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51 172032]
"IntelliPoint"="G:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"SBDrvDet"="G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="G:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"HP Component Manager"="G:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"HP Software Update"="G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"HPDJ Taskbar Utility"="G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 12:12 176128]
"EEventManager"="G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09 102400]
"DIGServices"="G:\Program Files\ESPNRunTime\DIGServices.exe" [2005-10-31 11:18 101888]
"Adobe Photo Downloader"="G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 01:18 57344]
"TkBellExe"="G:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-25 10:26 185632]
"SM1BG"="G:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20 94208]
"DropBoxUtility"="G:\Program Files\DropBox\DropBox\DropBox.exe" [2007-12-02 15:26 258048]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"RoxWatchTray"="G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 08:56 236016]
"NeroFilterCheck"="G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"F-Secure Manager"="G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" [2008-04-04 11:10 182936]
"F-Secure TNB"="G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-04-04 11:09 739936]
"nwiz"="nwiz.exe" [2004-04-22 21:24 831488 G:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-10-05 23:57 24576 G:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 G:\WINDOWS\system32\narrator.exe]

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
Google Updater.lnk - G:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-08-07 11:00:39 124912]
Microsoft Office.lnk - G:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Smart Wizard Wireless Settings.lnk - G:\Program Files\NETGEAR\WG111U Configuration Utility\WG111UCFG.exe [2005-08-28 20:33:21 1073238]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=

R0 FSFW;F-Secure Firewall Driver;G:\WINDOWS\system32\drivers\fsdfw.sys [2008-04-04 11:08]
R1 F-Secure HIPS;F-Secure HIPS;G:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-04-04 11:09]
R2 PfDetNT;PfDetNT;G:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 00:07]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;G:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2008-04-04 11:07]
S3 ATHFMWDL;NETGEAR WG111U Bootloader driver;G:\WINDOWS\system32\Drivers\athfmwdl.sys [2004-11-12 16:49]
S3 WG111U;NETGEAR WG111U Driver;G:\WINDOWS\system32\DRIVERS\wg111u.sys [2004-11-12 16:49]
S4 F-Secure Filter;F-Secure File System Filter;G:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-04-04 11:07]
S4 F-Secure Recognizer;F-Secure File System Recognizer;G:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-04-04 11:07]

*Newly Created Service* - PCANDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-07-19 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 14:54:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-01 14:55:40
ComboFix-quarantined-files.txt 2008-08-01 21:55:29
ComboFix2.txt 2008-08-01 20:33:26
ComboFix3.txt 2008-08-01 06:38:14

Pre-Run: 54,961,737,728 bytes free
Post-Run: 54,967,566,336 bytes free

127 --- E O F --- 2008-07-09 20:54:26


and here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:08 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
G:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
G:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Microsoft IntelliType Pro\type32.exe
G:\Program Files\Microsoft IntelliPoint\point32.exe
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
G:\Program Files\ESPNRunTime\DIGServices.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\SM1BG.EXE
G:\Program Files\DropBox\DropBox\DropBox.exe
G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
G:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
G:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\WINDOWS\explorer.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "G:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] G:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [EEventManager] G:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DIGServices] G:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] G:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DropBoxUtility] "G:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "G:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "G:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] G:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = G:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://G:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1217486234953
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-sec.../fshc/fscax.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - G:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - G:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - G:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 10482 bytes



As I'm sure you've probably surmised, most if not all of my PC's 'suspicious activities' (random pop-ups, directories opening upon boot-up, etc.) seem to have ground to a halt.

-Brian
  • 0

#15
Rorschach112
Posted 01 August 2008 - 04:03 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Good :)

Nearly done


Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP