Need help getting rid of Win32.Parite.b Virus [RESOLVED]

This topic is locked
#1 Terryc250 (Member, 54 posts)
I have this virus on my computer; it won't let me run programs like MSN Messenger. I used BitDefender and it temporarily removes it, but then after a while it comes back.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13, on 2008-08-10
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HTV\HTV.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\rthdvcpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.233.187.74:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O13 - Gopher Prefix:
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....NPUplden-ca.cab
O16 - DPF: {512fc5a1-7de1-43f1-bc0c-371622fcb409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{550542C4-3186-48D4-9701-CE8FC3FD0832}: NameServer = 192.168.0.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: VundoFix Service (vundofixsvc) - Unknown owner - VundoFixSVC.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12117 bytes
#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, and sorry for the delay. I can see nothing readily apparent, so I would like a deeper look.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3 Terryc250 (Topic Starter, Member, 54 posts)
Hey, I think the virus might be gone now; however, I do have some spyware on my computer I'd like to get rid of. I ran Deckard's System Scanner, but only main.txt comes up after the scan; I don't get any "extra.txt". Here is main.txt:

Deckard's System Scanner v20071014.68
Run by Boss on 2008-08-16 14:53:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 21.16 GiB (less than 15%) free.


-- HijackThis (run as Boss.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53, on 2008-08-16
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CG8OQV3U\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Boss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.233.187.74:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15A695A2-149C-4B5E-AACF-D0C15A5C7E3D} - C:\Windows\system32\yaywxWoL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {72c9378a-0c38-d1ca-2234-2e06f36bed19} - {91deb63f-60e2-4322-ac1d-83c0a8739c27} - C:\Windows\system32\uxkiui.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [10e99fb2] rundll32.exe "C:\Windows\system32\dfgyltob.dll",b
O4 - HKLM\..\Run: [BM13daac2e] Rundll32.exe "C:\Windows\system32\lcjgooqd.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - AppInit_DLLs: uxkiui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: VundoFix Service (vundofixsvc) - Unknown owner - VundoFixSVC.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11080 bytes

-- Files created between 2008-07-16 and 2008-08-16 -----------------------------

2008-08-16 14:51:28 0 d-------- C:\Program Files\Trend Micro
2008-08-16 14:51:07 686630 --a------ C:\Users\Boss\dss.exe
2008-08-15 23:04:36 131840 --a------ C:\Windows\system32\uxkiui.dll
2008-08-15 23:04:32 131840 --a------ C:\Windows\system32\hydmoswc.dll
2008-08-15 23:04:30 99200 --a------ C:\Windows\system32\dfgyltob.dll
2008-08-15 23:04:29 2048 --a------ C:\Windows\system32\bovqflgw.exe
2008-08-15 23:04:21 100096 --a------ C:\Windows\system32\lcjgooqd.dll
2008-08-15 02:08:33 0 d-------- C:\Users\Boss\rzr-cd4f
2008-08-14 23:14:14 2048 --a------ C:\Windows\system32\ceigavds.exe
2008-08-14 23:11:11 82432 --a------ C:\Windows\system32\cqxwwdkl.dll
2008-08-14 23:08:12 107008 --a------ C:\Windows\system32\sgiare.dll
2008-08-14 23:08:11 107008 --a------ C:\Windows\system32\oxpojvtt.dll
2008-08-14 23:02:50 89088 --a------ C:\Windows\system32\mqhlkipp.dll
2008-08-13 21:57:59 107520 --a------ C:\Windows\system32\qogbkd.dll
2008-08-13 21:57:57 107520 --a------ C:\Windows\system32\ngocwhbj.dll
2008-08-13 21:54:58 2048 --a------ C:\Windows\system32\aqwmopru.exe
2008-08-13 21:53:26 89600 --a------ C:\Windows\system32\rqwaailg.dll
2008-08-13 21:51:53 465497 --ahs---- C:\Windows\system32\LoWxwyay.ini2
2008-08-13 21:43:30 0 d-------- C:\Windows\Content.IE5
2008-08-13 19:45:05 2048 --a------ C:\Windows\system32\vqeohsxf.exe
2008-08-13 03:18:39 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-08-13 03:14:45 68096 --a------ C:\Windows\zip.exe
2008-08-13 03:14:45 49152 --a------ C:\Windows\VFind.exe
2008-08-13 03:14:45 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-13 03:14:45 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-13 03:14:45 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-13 03:14:45 98816 --a------ C:\Windows\sed.exe
2008-08-13 03:01:26 2048 --a------ C:\Windows\system32\gpnjgftx.exe
2008-08-13 02:59:30 312320 --a------ C:\Windows\system32\yaywxWoL.dll
2008-08-11 01:35:43 72192 --a------ C:\Windows\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-08-11 01:35:43 0 d-------- C:\Program Files\shaw
2008-08-11 01:32:46 0 d-------- C:\Program Files\KLC
2008-08-10 05:42:23 0 d-------- C:\Program Files\Privoxy
2008-08-10 05:42:21 0 d-------- C:\Program Files\Vidalia
2008-08-10 05:42:20 0 d-------- C:\Program Files\Tor
2008-08-10 05:21:38 0 d-------- C:\Program Files\Proxy Labs
2008-08-10 04:48:10 0 d-------- C:\Program Files\FreeCap
2008-08-10 04:02:24 0 d-------- C:\Naruto_412[SleepyFans]
2008-08-06 20:51:27 0 d-------- C:\Program Files\Common Files\Logishrd
2008-08-06 00:51:05 396288 --a------ C:\Windows\system32\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-08-05 17:05:39 0 d-------- C:\Program Files\Network Associates
2008-08-05 17:05:14 0 d-------- C:\po
2008-08-04 20:57:52 0 d-------- C:\HLDJ
2008-08-04 18:51:37 0 d-------- C:\Program Files\ICQ6
2008-08-04 06:32:17 0 d-------- C:\Program Files\SoftwarePassport
2008-08-04 06:12:41 0 d-------- C:\UPX
2008-08-03 00:48:25 0 d-------- C:\Program Files\Common Files\Thraex Software
2008-08-03 00:48:24 0 d-------- C:\PacSteamT <PACSTE~1>
2008-08-03 00:48:05 0 d-------- C:\PSC
2008-08-02 15:09:23 0 d-------- C:\New Folder (3)
2008-08-02 14:53:23 0 d-------- C:\AKL
2008-08-02 10:04:30 18944 --a------ C:\Windows\eraser.exe
2008-08-02 10:04:29 0 d-------- C:\Program Files\LeechFTP
2008-08-02 09:39:48 0 d-------- C:\Program Files\HTV
2008-08-02 09:35:31 0 d-------- C:\Program Files\PDM
2008-08-01 03:05:44 0 d-------- C:\perl2exe
2008-08-01 03:03:42 0 d-------- C:\perl
2008-08-01 02:37:55 0 d-------- C:\csdos
2008-08-01 00:18:45 0 d-------- C:\Naruto_411[Binktopia]
2008-07-31 01:43:21 0 d-------- C:\Program Files\East Imperial Soft
2008-07-31 01:43:03 0 d-------- C:\MU
2008-07-30 16:36:16 0 d-------- C:\UD
2008-07-27 00:07:08 0 d-------- C:\Naruto_410[Binktopia]
2008-07-18 02:52:44 0 d-------- C:\Naruto_409[SleepyFans]


-- Find3M Report ---------------------------------------------------------------

2008-08-16 14:46:21 0 d-------- C:\Program Files\Steam
2008-08-16 10:00:20 0 d-------- C:\Users\Boss\AppData\Roaming\Adobe
2008-08-14 23:30:45 0 d---s---- C:\Program Files\HLSW
2008-08-13 21:46:56 0 d-------- C:\Program Files\Common Files
2008-08-11 02:25:51 0 d-------- C:\Program Files\Common Files\Steam
2008-08-10 22:07:09 974848 --a------ C:\Windows\UNRecode.exe <Not Verified; Nero AG; Nero Installer>
2008-08-10 22:07:08 974848 --a------ C:\Windows\UNNeroVision.exe <Not Verified; Nero AG; Nero Installer>
2008-08-10 22:07:08 974848 --a------ C:\Windows\UNNeroShowTime.exe <Not Verified; Nero AG; Nero Installer>
2008-08-10 22:07:08 974848 --a------ C:\Windows\UNNeroMediaHome.exe <Not Verified; Nero AG; Nero Installer>
2008-08-10 22:07:08 974848 --a------ C:\Windows\UNNeroBackItUp.exe <Not Verified; Nero AG; Nero Installer>
2008-08-10 22:06:49 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-08-10 22:06:38 77312 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-10 22:06:37 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-10 22:06:36 69632 --a------ C:\Windows\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
2008-08-10 22:06:32 175616 --a------ C:\Windows\system32\strings.exe
2008-08-10 22:06:09 36864 --a------ C:\Windows\system32\OggDSuninst.exe
2008-08-10 22:02:08 81920 --a------ C:\Windows\system32\ATIODE.exe
2008-08-10 22:02:08 40960 --a------ C:\Windows\system32\ATIODCLI.exe
2008-08-10 22:02:08 90112 --a------ C:\Windows\system32\atibrtmon.exe
2008-08-10 22:01:37 77824 --a------ C:\Windows\KHALMNPR.Exe <Not Verified; Logitech, Inc.; Logitech SetPoint>
2008-08-10 22:00:53 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-08-10 22:00:44 80384 --a------ C:\Windows\grep.exe
2008-08-10 22:00:32 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-10 21:59:32 187392 --a------ C:\Windows\Acer(Wide).scr
2008-08-10 21:59:31 187392 --a------ C:\Windows\Acer(Normal).scr
2008-08-10 20:15:50 396288 --a------ C:\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-08-10 20:13:32 396288 --a------ C:\Boss.exe <Not Verified; Trend Micro Inc.; HijackThis>
2008-08-10 05:53:25 0 d-------- C:\Users\Boss\AppData\Roaming\Vidalia
2008-08-10 05:52:56 0 d-------- C:\Users\Boss\AppData\Roaming\Tor
2008-08-10 05:22:46 0 d-------- C:\Users\Boss\AppData\Roaming\ProxyCap
2008-08-09 21:22:21 0 d-------- C:\Program Files\Paltalk Messenger
2008-08-09 21:21:01 0 d-------- C:\Users\Boss\AppData\Roaming\Paltalk
2008-08-08 21:19:39 637 --a------ C:\Program Files\TTTT.rtf.lnk
2008-08-08 20:20:51 1877243 --a------ C:\Program Files\TTTT.rtf
2008-08-08 20:13:57 24406 --a------ C:\Program Files\New Text Document.txt <NEWTEX~1.TXT>
2008-08-06 20:52:06 0 d-------- C:\Program Files\Common Files\Logitech
2008-08-06 20:51:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-06 03:01:03 0 d-------- C:\Users\Boss\AppData\Roaming\uTorrent
2008-08-05 23:25:14 0 d-------- C:\Users\Boss\AppData\Roaming\IGN_DLM
2008-08-05 20:51:39 0 d-------- C:\Users\Boss\AppData\Roaming\mIRC
2008-08-05 20:51:09 0 d-------- C:\Program Files\mIRC
2008-08-04 18:53:49 0 d-------- C:\Users\Boss\AppData\Roaming\ICQ
2008-06-27 04:52:36 0 d-------- C:\Users\Boss\AppData\Roaming\LimeWire
2008-06-25 16:52:26 176128 --a------ C:\Windows\system32\w2pxdrv.dll <Not Verified; Proxy Labs; ProxyCap>
2008-06-25 16:50:04 118784 --a------ C:\Windows\system32\sbcrreag.dll
2008-06-18 16:36:47 14900 --a------ C:\Windows\system32\BReWErS.dll
2008-06-09 00:13:25 144384 --a------ C:\Windows\system32\miccyhook.dll <Not Verified; ; Miccy's D3D9 Hook>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15A695A2-149C-4B5E-AACF-D0C15A5C7E3D}]
2008-08-13 02:59 312320 --a------ C:\Windows\system32\yaywxWoL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91deb63f-60e2-4322-ac1d-83c0a8739c27}]
2008-08-15 23:04 131840 --a------ C:\Windows\system32\uxkiui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-19 15:36 1267040]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"="" []
"eRecoveryService"="" []
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 01:56 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-08-10 22:01 C:\Windows\KHALMNPR.Exe]
"10e99fb2"="C:\Windows\system32\dfgyltob.dll" [2008-08-15 23:04]
"BM13daac2e"="C:\Windows\system32\lcjgooqd.dll" [2008-08-15 23:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-08-10 21:20]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{849A0024-41E5-437D-8C42-90F073428367}"= C:\Windows\system32\ssqPfeBR.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=uxkiui.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\yaywxWoL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\webrootspysweeperservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\Windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Boss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10e99fb2]
rundll32.exe "C:\Windows\system32\wifcfhgv.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
"C:\Program Files\Acer Registration\ACE1.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\SetApanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdagent]
"C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bitdefender antiphishing helper]
"C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM13daac2e]
Rundll32.exe "C:\Windows\system32\hlpgcwgf.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]
C:\Program Files\HTV\HTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
"C:\Program Files\ICQ6\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\ssqPfeBR.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
"C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"c:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDM Agent]
C:\Program Files\PDM\PDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shawnotify]
c:\progra~1\shaw\update\siuloader.exe /notify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spysweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows updates]
c:\windows\system\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
autorun\command- J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eff3f94-86d1-11dc-8b87-0019212f80c2}]
AutoRun\command- K:\setup\rsrc\Autorun.exe
dinstall\command- K:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd405468-98b9-11dc-9911-0019212f80c2}]
AutoRun\command- N:\autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-16 14:54:15 ------------

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hey I think the virus might be gone now, however I do have some spyware on my computer I'd like to get rid of

Err no you are still infected. This will be a busy fix so I would recommend copying to a text file for reference

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:
- Current user registry:
- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

NEXT

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\system32\uxkiui.dll
    C:\Windows\system32\hydmoswc.dll
    C:\Windows\system32\dfgyltob.dll
    C:\Windows\system32\bovqflgw.exe
    C:\Windows\system32\lcjgooqd.dll
    C:\Users\Boss\rzr-cd4f
    C:\Windows\system32\ceigavds.exe
    C:\Windows\system32\cqxwwdkl.dll
    C:\Windows\system32\sgiare.dll
    C:\Windows\system32\oxpojvtt.dll
    C:\Windows\system32\mqhlkipp.dll
    C:\Windows\system32\qogbkd.dll
    C:\Windows\system32\ngocwhbj.dll
    C:\Windows\system32\aqwmopru.exe
    C:\Windows\system32\rqwaailg.dll
    C:\Windows\system32\LoWxwyay.ini2
    C:\Windows\system32\vqeohsxf.exe
    C:\Windows\system32\gpnjgftx.exe
    C:\Windows\system32\yaywxWoL.dll
    C:\po
    C:\HLDJ
    C:\Windows\system32\sbcrreag.dll
    C:\Windows\system32\BReWErS.dll
    C:\Windows\system32\yaywxWoL.dll
    C:\Windows\system32\uxkiui.dll
    C:\Windows\system32\dfgyltob.dll
    C:\Windows\system32\lcjgooqd.dll
    C:\Windows\system32\ssqPfeBR.dll 
    C:\Windows\system32\uxkiui.dll
    C:\Windows\system32\yaywxWoL
    C:\Windows\system32\wifcfhgv.dll
    C:\Windows\system32\hlpgcwgf.dll
    C:\Windows\system32\ssqPfeBR.dll
    c:\windows\system\Update.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows updates
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM13daac2e
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10e99fb2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{849A0024-41E5-437D-8C42-90F073428367}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15A695A2-149C-4B5E-AACF-D0C15A5C7E3D}
    HKEY_CLASSES_ROOT\CLSID\{15A695A2-149C-4B5E-AACF-D0C15A5C7E3D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72c9378a-0c38-d1ca-2234-2e06f36bed19}
    HKEY_CLASSES_ROOT\CLSID\{72c9378a-0c38-d1ca-2234-2e06f36bed19}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\10e99fb2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"BM13daac2e
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log and OTMoveit report.
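As an added example (not code from the thread, from ERUNT, or from any scanner named here): the registry fix above rewrites the LSA "Authentication Packages" value as a REGEDIT4 hex(7) REG_MULTI_SZ holding only msv1_0, the package the scanner dump showed alongside the rogue yaywxWoL DLL. This Python decodes and re-encodes that hex(7) form, parses the scanner's rendering of the infected value, and flags any extra package; the msv1_0-only allowlist is an assumption for a stock Windows install, and the sample inputs are constructed from the values quoted in the thread.

```python
"""Audit the LSA "Authentication Packages" list from a .reg fix or a scanner dump.

Every package named in this value is loaded into lsass.exe at boot, so an
extra entry is a persistence mechanism worth checking after a cleanup.
"""
import re
from typing import List

# Stock Windows ships with only msv1_0 here; treat anything else as suspect.
# Assumption: extend the allowlist on hosts that legitimately add packages.
EXPECTED_PACKAGES = {"msv1_0"}

# Constructed sample: the fix posted in the thread (REGEDIT4, hex(7) = REG_MULTI_SZ).
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
'''

# Constructed sample: the same value as the scanner dump printed it while infected.
DUMP_LINE = r'"Authentication Packages"= msv1_0 C:\Windows\system32\yaywxWoL'


def decode_hex7(hex_bytes: str) -> List[str]:
    """Turn a REGEDIT4 hex(7) byte list into the strings of a REG_MULTI_SZ.

    REGEDIT4 files are ANSI, so each byte is one character. Entries are
    NUL-separated and the list ends with an extra NUL. Long values wrap with
    a trailing backslash, which is stripped before parsing.
    """
    cleaned = re.sub(r"\\\r?\n\s*", "", hex_bytes)
    data = bytes(int(b, 16) for b in cleaned.split(",") if b.strip())
    # Drop the empty strings produced by the separator/terminator NULs.
    return [s for s in data.decode("latin-1").split("\x00") if s]


def encode_hex7(values: List[str]) -> str:
    """Inverse of decode_hex7: build the hex(7) byte list for a clean value."""
    data = b"".join(v.encode("latin-1") + b"\x00" for v in values) + b"\x00"
    return ",".join(f"{b:02x}" for b in data)


def packages_from_reg(reg_text: str) -> List[str]:
    """Extract the Authentication Packages value under the lsa key of a .reg file."""
    lsa_key = r"[hkey_local_machine\system\currentcontrolset\control\lsa]"
    in_lsa = False
    lines = reg_text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("["):
            in_lsa = line.strip().lower() == lsa_key
            continue
        if in_lsa and line.lower().startswith('"authentication packages"=hex(7):'):
            value = line.split(":", 1)[1]
            # Pull in wrapped continuation lines so decode_hex7 sees the whole value.
            j = i
            while value.rstrip().endswith("\\") and j + 1 < len(lines):
                j += 1
                value += "\n" + lines[j]
            return decode_hex7(value)
    return []


def packages_from_dump(line: str) -> List[str]:
    """Parse the scanner's rendering: name, '=', then space-separated entries.

    Note: whitespace splitting is enough for the paths seen in the thread;
    a package path containing spaces would need quoting-aware parsing.
    """
    _, _, rhs = line.partition("=")
    return rhs.split()


def audit(packages: List[str]) -> List[str]:
    """Return the entries outside the allowlist (an empty list means clean)."""
    return [p for p in packages if p.lower() not in EXPECTED_PACKAGES]


if __name__ == "__main__":
    print("infected :", audit(packages_from_dump(DUMP_LINE)))
    print("after fix:", audit(packages_from_reg(FIX_REG)))
    print("fix bytes:", encode_hex7(["msv1_0"]))
```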

#5
Terryc250

    Member

  • Topic Starter
  • Member
  • 54 posts
OTMoveit Report:
File/Folder C:\Windows\system32\uxkiui.dll not found.
File/Folder C:\Windows\system32\hydmoswc.dll not found.
File/Folder C:\Windows\system32\dfgyltob.dll not found.
File/Folder C:\Windows\system32\bovqflgw.exe not found.
File/Folder C:\Windows\system32\lcjgooqd.dll not found.
File/Folder C:\Users\Boss\rzr-cd4f not found.
File/Folder C:\Windows\system32\ceigavds.exe not found.
File/Folder C:\Windows\system32\cqxwwdkl.dll not found.
File/Folder C:\Windows\system32\sgiare.dll not found.
File/Folder C:\Windows\system32\oxpojvtt.dll not found.
File/Folder C:\Windows\system32\mqhlkipp.dll not found.
File/Folder C:\Windows\system32\qogbkd.dll not found.
File/Folder C:\Windows\system32\ngocwhbj.dll not found.
File/Folder C:\Windows\system32\aqwmopru.exe not found.
File/Folder C:\Windows\system32\rqwaailg.dll not found.
File/Folder C:\Windows\system32\LoWxwyay.ini2 not found.
File/Folder C:\Windows\system32\vqeohsxf.exe not found.
File/Folder C:\Windows\system32\gpnjgftx.exe not found.
File/Folder C:\Windows\system32\yaywxWoL.dll not found.
File/Folder C:\po not found.
File/Folder C:\HLDJ not found.
File/Folder C:\Windows\system32\sbcrreag.dll not found.
File/Folder C:\Windows\system32\BReWErS.dll not found.
File/Folder C:\Windows\system32\yaywxWoL.dll not found.
File/Folder C:\Windows\system32\uxkiui.dll not found.
File/Folder C:\Windows\system32\dfgyltob.dll not found.
File/Folder C:\Windows\system32\lcjgooqd.dll not found.
File/Folder C:\Windows\system32\ssqPfeBR.dll not found.
File/Folder C:\Windows\system32\uxkiui.dll not found.
File/Folder C:\Windows\system32\yaywxWoL not found.
File/Folder C:\Windows\system32\wifcfhgv.dll not found.
File/Folder C:\Windows\system32\hlpgcwgf.dll not found.
File/Folder C:\Windows\system32\ssqPfeBR.dll not found.
File/Folder c:\windows\system\Update.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows updates >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows updates\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM13daac2e >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM13daac2e\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10e99fb2 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10e99fb2\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{849A0024-41E5-437D-8C42-90F073428367} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{849A0024-41E5-437D-8C42-90F073428367} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{849A0024-41E5-437D-8C42-90F073428367}\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15A695A2-149C-4B5E-AACF-D0C15A5C7E3D} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15A695A2-149C-4B5E-AACF-D0C15A5C7E3D}\\ not found.
< HKEY_CLASSES_ROOT\CLSID\{15A695A2-149C-4B5E-AACF-D0C15A5C7E3D} >
Registry key HKEY_CLASSES_ROOT\CLSID\{15A695A2-149C-4B5E-AACF-D0C15A5C7E3D}\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72c9378a-0c38-d1ca-2234-2e06f36bed19} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72c9378a-0c38-d1ca-2234-2e06f36bed19}\\ not found.
< HKEY_CLASSES_ROOT\CLSID\{72c9378a-0c38-d1ca-2234-2e06f36bed19} >
Registry key HKEY_CLASSES_ROOT\CLSID\{72c9378a-0c38-d1ca-2234-2e06f36bed19}\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\10e99fb2 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\10e99fb2 not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"BM13daac2e >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"BM13daac2e not found.
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs >
File/Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08172008_142146


Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:24 PM, on 8/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\HijackThis2\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.233.187.74:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - AppInit_DLLs: uxkiui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: VundoFix Service (vundofixsvc) - Unknown owner - VundoFixSVC.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10398 bytes

Edited by Terryc250, 17 August 2008 - 04:14 PM.


#6
Terryc250

    Member

  • Topic Starter
  • Member
  • 54 posts
Sorry, the ComboFix log is too long and doesn't fit, so I uploaded it to RapidShare:

http://rapidshare.co...43/log.txt.html

Edited by Terryc250, 17 August 2008 - 04:14 PM.


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One to remove - how is your system running now? ComboFix inadvertently deleted a legitimate folder. This will restore it.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

DeQuarantine:: 
C:\Users\All Users\microsoft

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: dragging CFScript.txt onto ComboFix.exe]

6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

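Reading a HijackThis log the way the helper above does is mostly pattern matching on the item prefixes: O10 lines are Winsock LSP entries HijackThis could not attribute, O20 is the AppInit_DLLs value (the one the CFScript above deletes with `"AppInit_DLLs"=-`), and O23 lines are registered services. The script below is an added example written for this page; it is not a tool from this thread or from the HijackThis or ComboFix authors. It parses a handful of lines copied from the log posted earlier in the thread and flags what a helper looks at first: an unknown LSP DLL repeated across several protocol entries, any DLL listed in AppInit_DLLs, and services whose binary is reported missing or is registered as a bare filename with no directory. The `Finding` class and the `parse_items`, `triage` and `summarize` functions are the example's own names.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted earlier in
# this thread (an O9 line is kept to show that unflagged item types pass through).
SAMPLE_LOG = r"""
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O20 - AppInit_DLLs: uxkiui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: VundoFix Service (vundofixsvc) - Unknown owner - VundoFixSVC.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Every HijackThis item is "<Onn> - <detail>"; service details split further on " - ".
ITEM_RE = re.compile(r"^(O\d+) - (.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
MISSING = " (file missing)"


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis item type the finding came from (O10, O20, O23)
    detail: str  # plain-language note for the helper's reply


def parse_items(log: str) -> list[tuple[str, str]]:
    """Return (item type, detail) pairs for every recognised log line."""
    items = []
    for line in log.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2)))
    return items


def triage(log: str) -> list[Finding]:
    items = parse_items(log)
    findings: list[Finding] = []

    # O10: a DLL HijackThis could not attribute, hooked into the Winsock LSP chain.
    # The same name repeating means it sits in several protocol entries, which is
    # why LSP items are removed with dedicated tools rather than by deleting the
    # file: a broken chain takes networking down with it.
    lsp = Counter(
        detail.split("Winsock LSP:", 1)[1].strip()
        for kind, detail in items
        if kind == "O10" and "Winsock LSP:" in detail
    )
    for dll, count in lsp.items():
        findings.append(Finding("O10", f"unknown LSP file {dll} appears {count} times"))

    # O20: AppInit_DLLs is loaded into every process that maps user32.dll, so an
    # unexpected DLL here is a persistence point; the CFScript above deletes the value.
    for kind, detail in items:
        if kind == "O20" and detail.startswith("AppInit_DLLs:"):
            for dll in detail.split(":", 1)[1].split(","):
                if dll.strip():
                    findings.append(Finding("O20", f"AppInit_DLLs loads {dll.strip()}"))

    # O23: a service whose binary is gone is an orphaned registration, usually left
    # by an uninstaller; a binary given as a bare filename has no explicit location
    # and deserves a second look before it is trusted.
    for kind, detail in items:
        m = SERVICE_RE.match(detail) if kind == "O23" else None
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        if path.endswith(MISSING):
            path = path[: -len(MISSING)]
            findings.append(Finding("O23", f"orphaned service {name}"))
        if "\\" not in path:
            findings.append(Finding("O23", f"service {name} registered with bare filename {path}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per item type, e.g. {'O10': 1, 'O20': 1, 'O23': 3}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.detail}")
```

The script only reports; deciding what to fix stays with the helper, exactly as in the thread, where the O20 value is removed via CFScript while the LSP entries are left for a dedicated step.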

#8
Terryc250

    Member

  • Topic Starter
  • Member
  • 54 posts
System is running better than before now, thanks.

Here's the ComboFix log:


ComboFix 08-08-18.01 - Boss 2008-08-18 17:06:23.10 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2080 [GMT -7:00]
Running from: C:\Users\Boss\Desktop\ComboFix.exe
Command switches used :: C:\Users\Boss\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.

2008-08-17 15:03 . 2008-08-17 15:08 <DIR> d-------- C:\HijackThis2
2008-08-17 15:00 . 2008-08-17 15:00 <DIR> d-------- C:\HijackThis
2008-08-17 14:48 . 2008-08-17 15:06 <DIR> d-------- C:\Users\All Users\Microsoft
2008-08-17 14:31 . 2008-08-17 14:31 2,718,447 --a------ C:\Users\Boss\ComboFix.exe
2008-08-17 14:21 . 2008-08-17 14:21 <DIR> d-------- C:\_OTMoveIt
2008-08-17 14:20 . 2008-08-17 14:20 291,840 --a------ C:\Users\Boss\OTMoveIt2.exe
2008-08-17 14:18 . 2008-08-17 14:18 <DIR> d-------- C:\Program Files\ERUNT
2008-08-17 14:18 . 2008-08-17 14:18 791,393 --a------ C:\Users\Boss\erunt-setup.exe
2008-08-16 14:51 . 2008-08-16 14:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-16 14:51 . 2008-08-16 14:51 686,630 --a------ C:\Users\Boss\dss.exe
2008-08-15 06:59 . 2008-08-15 06:59 708,663 --a------ C:\Users\Boss\pbsetup.zip
2008-08-15 06:59 . 2008-08-15 06:59 9,573 --a------ C:\Windows\pbgame.htm
2008-08-15 06:59 . 2008-08-15 06:59 76 --a------ C:\Windows\pbuser.htm
2008-08-15 02:07 . 2008-08-15 02:07 0 --a------ C:\Users\Boss\CALL.OF.DUTY.4.MW.V1.0.ENG.RAZOR1911.NOCD.ZIP
2008-08-13 21:43 . 2008-08-13 21:43 <DIR> d-------- C:\Windows\Content.IE5
2008-08-12 02:01 . 2008-08-12 02:01 108,336 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-08-11 01:35 . 2008-08-11 01:37 <DIR> d-------- C:\Program Files\shaw
2008-08-11 01:35 . 2003-11-18 00:37 72,192 --a------ C:\Windows\System32\zlib.dll
2008-08-11 01:32 . 2008-08-11 01:32 <DIR> d-------- C:\Program Files\KLC
2008-08-11 01:32 . 2004-08-04 03:56 431,616 --a------ C:\Windows\System32\temp.000
2008-08-11 01:32 . 2000-05-22 00:00 203,976 --a------ C:\Windows\System32\RICHTX32.OCX
2008-08-11 01:32 . 1999-12-07 07:00 61,491 --a------ C:\Windows\System32\wbemdisp.TLB
2008-08-10 05:42 . 2008-08-10 05:53 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Vidalia
2008-08-10 05:42 . 2008-08-10 05:52 <DIR> d-------- C:\Users\Boss\AppData\Roaming\Tor
2008-08-10 05:42 . 2008-08-10 05:42 <DIR> d-------- C:\Program Files\Vidalia
2008-08-10 05:42 . 2008-08-10 05:42 <DIR> d-------- C:\Program Files\Tor
2008-08-10 05:42 . 2008-08-10 05:42 <DIR> d-------- C:\Program Files\Privoxy
2008-08-10 05:22 . 2008-08-10 05:22 <DIR> d-------- C:\Users\Boss\AppData\Roaming\ProxyCap
2008-08-10 05:21 . 2008-08-10 05:21 <DIR> d-------- C:\Program Files\Proxy Labs
2008-08-10 04:48 . 2008-08-11 01:14 <DIR> d-------- C:\Program Files\FreeCap
2008-08-10 04:02 . 2008-08-10 04:02 <DIR> d-------- C:\Naruto_412[SleepyFans]
2008-08-06 20:52 . 2008-05-02 02:38 301,656 --a------ C:\Windows\System32\BtCoreIf.dll
2008-08-06 20:51 . 2008-08-06 20:52 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-08-06 00:51 . 2008-08-10 22:05 396,288 --a------ C:\Windows\System32\HijackThis.exe
2008-08-06 00:51 . 2008-08-10 22:05 362,496 --a------ C:\Windows\System32\hldj_1.4.06.exe
2008-08-05 23:25 . 2008-08-05 23:25 <DIR> d-------- C:\Users\Boss\AppData\Roaming\IGN_DLM
2008-08-05 17:05 . 2008-08-05 17:05 <DIR> d-------- C:\Program Files\Network Associates
2008-08-05 02:54 . 2008-08-05 02:54 165,888 --------- C:\Windows\RICHTX32.OCX
2008-08-04 20:55 . 2008-08-10 20:15 362,496 --a------ C:\hldj_1.4.06.exe
2008-08-04 20:55 . 2008-08-04 20:57 751 --a------ C:\hldj_v1.4.5.zip
2008-08-04 18:52 . 2008-08-04 18:53 <DIR> d-------- C:\Users\Boss\AppData\Roaming\ICQ
2008-08-04 18:51 . 2008-08-05 17:01 <DIR> d-------- C:\Program Files\ICQ6
2008-08-04 15:49 . 2008-08-04 15:49 2,423,179 --a------ C:\dbz_outside_stories_1_in_the_name_of_piccolo_daimao.zip
2008-08-04 06:40 . 2008-08-04 06:40 22 --a------ C:\filejoiner.zip
2008-08-04 06:33 . 2008-08-04 06:53 227 --a------ C:\projects.Stats
2008-08-04 06:32 . 2008-08-06 00:05 <DIR> d-------- C:\Program Files\SoftwarePassport
2008-08-04 06:32 . 2008-08-04 07:13 1,241 --a------ C:\projects.arm
2008-08-04 06:12 . 2008-08-14 03:40 <DIR> d-------- C:\UPX
2008-08-03 00:48 . 2008-08-03 00:48 <DIR> d-------- C:\PSC
2008-08-03 00:48 . 2008-08-03 00:48 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-08-03 00:48 . 2008-08-03 00:48 <DIR> d-------- C:\PacSteamT
2008-08-02 15:09 . 2008-08-14 03:22 <DIR> d-------- C:\New Folder (3)
2008-08-02 14:53 . 2008-08-02 14:53 <DIR> d-------- C:\AKL
2008-08-02 10:04 . 2008-08-02 14:52 <DIR> d-------- C:\Program Files\LeechFTP
2008-08-02 10:04 . 2008-08-10 22:00 18,944 --a------ C:\Windows\eraser.exe
2008-08-02 09:39 . 2008-08-14 03:33 <DIR> d-------- C:\Program Files\HTV
2008-08-02 09:35 . 2008-08-14 03:35 <DIR> d-------- C:\Program Files\PDM
2008-08-01 03:05 . 2008-08-01 03:07 <DIR> d-------- C:\perl2exe
2008-08-01 03:03 . 2008-08-01 03:03 <DIR> d-------- C:\perl
2008-08-01 02:37 . 2008-08-01 02:46 <DIR> d-------- C:\csdos
2008-08-01 00:18 . 2008-08-01 00:18 <DIR> d-------- C:\Naruto_411[Binktopia]
2008-07-31 01:43 . 2008-07-31 01:43 <DIR> d-------- C:\Program Files\East Imperial Soft
2008-07-31 01:43 . 2008-07-31 01:43 <DIR> d-------- C:\MU
2008-07-30 16:36 . 2008-07-30 16:36 <DIR> d-------- C:\UD
2008-07-27 00:07 . 2008-07-27 00:07 <DIR> d-------- C:\Naruto_410[Binktopia]
2008-07-22 17:07 . 2008-07-22 17:07 268 --ah----- C:\sqmdata07.sqm
2008-07-22 17:07 . 2008-07-22 17:07 244 --ah----- C:\sqmnoopt07.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 00:05 --------- d-s---w C:\Program Files\HLSW
2008-08-18 23:36 --------- d-----w C:\Program Files\Steam
2008-08-18 11:50 --------- d-----w C:\Users\Boss\AppData\Roaming\uTorrent
2008-08-18 06:29 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-15 14:05 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-14 03:59 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-08-14 03:57 22,328 ----a-w C:\Users\Boss\AppData\Roaming\PnkBstrK.sys
2008-08-11 09:25 --------- d-----w C:\Program Files\Common Files\Steam
2008-08-11 05:07 974,848 ----a-w C:\Windows\UNRecode.exe
2008-08-11 05:07 974,848 ----a-w C:\Windows\UNNeroVision.exe
2008-08-11 05:07 974,848 ----a-w C:\Windows\UNNeroShowTime.exe
2008-08-11 05:07 974,848 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-08-11 05:07 974,848 ----a-w C:\Windows\UNNeroBackItUp.exe
2008-08-11 05:06 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-08-11 05:06 77,312 ----a-w C:\Windows\System32\VCCLSID.exe
2008-08-11 05:06 69,632 ----a-w C:\Windows\System32\TWUNK_32.EXE
2008-08-11 05:06 36,864 ----a-w C:\Windows\System32\OggDSuninst.exe
2008-08-11 05:06 25,600 ----a-w C:\Windows\System32\WS2Fix.exe
2008-08-11 05:06 175,616 ----a-w C:\Windows\System32\strings.exe
2008-08-11 05:02 90,112 ----a-w C:\Windows\System32\atibrtmon.exe
2008-08-11 05:02 81,920 ----a-w C:\Windows\System32\ATIODE.exe
2008-08-11 05:02 40,960 ----a-w C:\Windows\System32\ATIODCLI.exe
2008-08-11 05:01 77,824 ----a-w C:\Windows\KHALMNPR.Exe
2008-08-11 05:00 315,392 ----a-w C:\Windows\HideWin.exe
2008-08-11 04:59 187,392 ----a-w C:\Windows\Acer(Wide).scr
2008-08-11 04:59 187,392 ----a-w C:\Windows\Acer(Normal).scr
2008-08-11 03:15 396,288 ----a-w C:\HijackThis.exe
2008-08-11 03:13 396,288 ----a-w C:\Boss.exe
2008-08-10 04:22 --------- d-----w C:\Program Files\Paltalk Messenger
2008-08-10 04:21 --------- d-----w C:\Users\Boss\AppData\Roaming\Paltalk
2008-08-09 04:19 637 ----a-w C:\Program Files\TTTT.rtf.lnk
2008-08-09 03:20 1,877,243 ----a-w C:\Program Files\TTTT.rtf
2008-08-09 03:13 24,406 ----a-w C:\Program Files\New Text Document.txt
2008-08-07 03:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-07 03:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 03:51 --------- d-----w C:\Users\Boss\AppData\Roaming\mIRC
2008-08-06 03:51 --------- d-----w C:\Program Files\mIRC
2008-08-04 14:13 --------- d---a-w C:\ProgramData\TEMP
2008-08-02 16:32 --------- d-----w C:\ProgramData\avg8
2008-06-27 11:52 --------- d-----w C:\Users\Boss\AppData\Roaming\LimeWire
2008-06-25 23:52 176,128 ----a-w C:\Windows\System32\w2pxdrv.dll
2008-06-20 10:33 22 ----a-w C:\Users\Boss\naruto_405.zip
2008-06-12 19:55 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-06-12 19:55 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-06-09 07:13 144,384 ----a-w C:\Windows\System32\miccyhook.dll
2008-06-03 03:35 413,696 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-06-03 03:35 327,680 ----a-w C:\Windows\System32\atipdlxx.dll
2008-06-03 03:35 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-06-03 03:34 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-06-03 03:34 266,240 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-06-03 03:34 262,144 ----a-w C:\Windows\System32\Oemdspif.dll
2008-06-03 03:33 684,032 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-06-03 03:25 1,563,648 ----a-w C:\Windows\System32\atidxx32.dll
2008-06-03 03:19 3,401,216 ----a-w C:\Windows\System32\atiumdag.dll
2008-06-03 03:02 4,398,080 ----a-w C:\Windows\System32\atiumdva.dll
2008-06-03 02:50 49,664 ----a-w C:\Windows\System32\amdpcom32.dll
2008-06-03 02:49 32,256 ----a-w C:\Windows\System32\atiadlxx.dll
2008-06-03 02:48 10,043,392 ----a-w C:\Windows\System32\atioglxx.dll
2008-04-24 02:25 47,360 ----a-w C:\Users\Boss\AppData\Roaming\pcouffin.sys
2008-04-17 05:11 691 ----a-w C:\Users\Boss\AppData\Roaming\GetValue.vbs
2008-04-17 05:11 35 ----a-w C:\Users\Boss\AppData\Roaming\SetValue.bat
2008-04-14 09:04 101,865 ----a-w C:\Users\Boss\startuplist.zip
2007-10-28 21:55 174 --sha-w C:\Program Files\desktop.ini
2008-05-04 20:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-04 20:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-04 20:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-08-17_ 0.31.42.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w C:\Windows\erdnt\8-17-2008\ERDNT.EXE
+ 2008-08-17 21:19:07 208,896 ----a-w C:\Windows\erdnt\8-17-2008\Users\00000001\ntuser.dat
+ 2008-08-17 21:19:07 212,992 ----a-w C:\Windows\erdnt\8-17-2008\Users\00000002\ntuser.dat
+ 2008-08-17 21:19:07 4,255,744 ----a-w C:\Windows\erdnt\8-17-2008\Users\00000003\ntuser.dat
+ 2008-08-17 21:19:07 4,636,672 ----a-w C:\Windows\erdnt\8-17-2008\Users\00000004\UsrClass.dat
+ 2005-10-20 19:02:28 163,328 ----a-w C:\Windows\erdnt\AutoBackup\2008-08-17\ERDNT.EXE
+ 2008-08-17 21:36:10 4,255,744 ----a-w C:\Windows\erdnt\AutoBackup\2008-08-17\Users\00000001\ntuser.dat
+ 2008-08-17 21:36:10 4,636,672 ----a-w C:\Windows\erdnt\AutoBackup\2008-08-17\Users\00000002\UsrClass.dat
+ 2005-10-20 19:02:28 163,328 ----a-w C:\Windows\erdnt\AutoBackup\8-17-2008\ERDNT.EXE
+ 2008-08-17 22:05:03 4,255,744 ----a-w C:\Windows\erdnt\AutoBackup\8-17-2008\Users\00000001\ntuser.dat
+ 2008-08-17 22:05:04 4,636,672 ----a-w C:\Windows\erdnt\AutoBackup\8-17-2008\Users\00000002\UsrClass.dat
- 2008-08-11 05:00:32 73,728 ----a-w C:\Windows\fdsv.exe
+ 2000-08-31 15:00:00 89,504 ----a-w C:\Windows\fdsv.exe
- 2008-08-11 05:00:44 80,384 ----a-w C:\Windows\grep.exe
+ 2000-08-31 15:00:00 80,412 ----a-w C:\Windows\grep.exe
- 2008-03-13 15:01:10 29,926 ----a-r C:\Windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-08-17 21:49:39 29,926 ----a-r C:\Windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-08-17 22:06:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-17 22:06:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-17 07:28:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-17 22:08:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-08-17 07:28:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-17 22:08:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-17 22:08:16 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-17 07:01:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-17 21:17:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-17 07:01:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-17 21:17:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-17 07:01:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-17 21:17:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-16 21:23:51 70,680 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
+ 2008-08-17 22:05:34 70,680 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
- 2008-08-14 04:45:23 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-19 00:06:14 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-08-17 06:28:42 11,946 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3127582598-3418603043-2518255061-1001_UserData.bin
+ 2008-08-17 22:08:43 11,978 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3127582598-3418603043-2518255061-1001_UserData.bin
- 2008-08-17 06:28:42 84,338 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-17 22:08:43 84,478 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-16 21:27:36 57,836 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-17 22:08:42 58,362 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-08-10 21:20 5714944]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 01:56 4493312 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-08-10 22:01 77824 C:\Windows\KHALMNPR.Exe]

C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERSL~1\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\Windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Boss^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2008-08-10 20:23 1261568 C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-06-15 16:48 326440 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
--a------ 2008-08-10 20:24 3383296 C:\Program Files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-08-10 20:31 34304 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-08-10 20:46 2315264 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2008-08-10 20:33 61440 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdagent]
--a------ 2008-08-10 18:19 368640 C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-08-10 20:47 106496 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bitdefender antiphishing helper]
--a------ 2008-08-10 18:19 61440 C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-08-10 20:48 167936 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2008-08-10 20:11 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2008-08-10 21:02 167936 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-08-10 21:01 172544 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-08-10 21:20 5714944 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-08-10 21:04 2215936 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-08-10 20:47 155648 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
--a------ 2008-08-10 20:46 433152 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
--a------ 2008-08-10 20:22 204800 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDM Agent]
--a------ 2008-08-10 21:05 510464 C:\Program Files\PDM\PDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-08-10 21:06 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shawnotify]
--a------ 2008-07-15 15:37 378144 c:\PROGRA~1\shaw\Update\siuloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2006-11-02 05:35 1196032 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spysweeper]
--a------ 2008-01-04 20:56 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-10 20:34 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-05 22:59 1271032 c:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-08-10 21:02 126976 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-10 15:30 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 05:36 201728 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-08-10 22:01 77824 C:\Windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 05:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5E2F4F9-4ACC-49D9-8E12-34C554A9F1C5}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{CB7A8998-4B1E-4D90-B5D9-67E2D40F82F4}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{D7C7B185-CD7A-4FB4-9C8F-E488FF26D873}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{41DCE02C-9070-4DE4-A4AA-097557D75583}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{9361F589-2C58-4607-9F3E-7EDDFC19A2FB}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{6C205EE7-6E99-49C4-974F-7B80F2BBA6F0}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{5A8AD70F-9DD5-4D8A-9B7C-E626EC865F3A}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{A6F6AFBC-E5E3-4FE5-99E2-7A541B465AFF}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{712344DC-3475-4A33-8CE2-9D00FC463310}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{287BA272-D032-433E-A8A7-6AEDD2FA4BEC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0D5264A-98A1-4CDB-B73A-87736FBCEA20}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{3C8ECEDC-D424-4B98-B403-3AF4A394DD2A}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{998EDADF-65F7-4ED7-BD23-D9AAF420769A}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{B1037FA5-CB88-4F8E-A3E5-851189B3BF45}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{9F614491-7339-4FDC-B9EB-6CD48575C958}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{6D6DCD2A-740B-4E54-B68E-A2BCBB2BEBA0}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{16AA6F9C-957B-435F-ACF1-C2C50D48B9A2}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{12591F3D-5523-4A1C-A864-560E0A37FBC8}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{C14AB52F-31A8-4107-B71F-15461DFAD792}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{25857231-D771-4C01-8B58-8A1A2C0D0477}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"TCP Query User{E3044BC8-6061-45DA-BB11-A6D4F25C4F2A}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{8496F8D9-EC27-429A-B88E-DD15C7E85E2C}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{6CA13711-570A-485E-96AB-A896129956F0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3C5B1A79-646C-4CBA-AD98-77167144067E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{777150B1-0CF5-4C3A-A3AA-D0DCA50D683B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5BE49B3C-6BD0-4EBC-80CD-C652A572F293}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7128608F-0F06-4D25-8E22-7F767D2FF67D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B4C66867-FD4B-4822-A29C-13FDDA056869}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3EC75B3C-CE3C-46D9-83D2-4B8D021214F9}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{BF964E2A-A089-4345-87A0-A56C1E7FCDEC}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8A7C66C0-C5E9-4F0C-8ACB-8AEE5E2F8C7A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6E713BA8-F107-4CC3-9AB6-8EB272CD542D}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{E5EDF402-75F4-4E9B-9970-2E8A455DF1FF}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{F887BB54-0725-4284-B808-AF68A9D8F9FB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{B4BD7D29-C84E-4226-8D0E-90ED0494507C}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{7011DE3F-C482-462C-A5CE-55FB6DC58654}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{5ADD0E4A-93B4-4A76-B13C-CABFCE8006BA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4B899C01-B222-4B88-A766-7DC5448E592A}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DD810CF9-628D-48A1-8C7F-A078C7A970D7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{017FDD7E-5BDF-41B4-9CCB-E3ECEC565734}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{B3C8C70A-BB7D-4505-959D-4BD0921E695B}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D1F3C5CC-4740-440F-BEE0-E1B3C1DE3AE3}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{53E5F994-E9BE-437D-BC25-DBD73DDB8EC4}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{A3E646ED-24AC-4177-AE83-7BEBFED3890C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{54E51792-72D8-4E4A-8581-AE5178E7A59E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{A9BAB426-4033-4883-9FF0-13F37CC08A8C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{334998E6-F357-4F5C-96FA-2ADAB0793A2D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3B3A5C43-D85D-42BC-81D5-95713A305B6F}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{81DF5325-5AC1-4B10-B4E0-B34FA014C5E2}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{86D111F0-8477-4601-A82B-A2116CEBE22E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{34AAF90A-3A83-4CF3-BA84-9DC5FEC03A30}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{CFEE345A-23C2-4766-A9AF-EA9A5AF8815E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4AB10BCD-5A29-4A1E-8119-A5B83772CF74}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{9C0D7124-827A-45FA-A459-4DCA4C543C0E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E1CC601A-9539-42D4-9649-3871543464BA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6CF6F292-EB84-47F4-9B7D-334357098836}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C9EE32B1-CE7B-4E63-9DF6-FD196DF213DE}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{138F8688-DFD4-4BF0-ACFF-DABB1C8F6A99}"= UDP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID
"{7AD2649E-F774-49E9-B7CE-172B7EEFB418}"= TCP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID
"{FDD21130-BE5D-49CB-B3CE-73BB241AAB0F}"= UDP:D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{DA59371D-7337-40EE-A316-2C58361FE745}"= TCP:D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{B5110496-8C6A-4F9E-8C94-987AEC39788B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {550542C4-3186-48D4-9701-CE8FC3FD0832}

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-08-05 17:39]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2008-08-05 18:03]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-02 23:22]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-10-28 14:33]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-04-27 06:22]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-11 02:21]
S3 DHTRACE;Intel® DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2008-08-10 20:46]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-20 21:42]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe []
S3 NMSCore;Intel® NMSCore;C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2008-08-10 20:46]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-21 13:55]
S3 QualityManager;Intel® Quality Manager;C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2008-08-10 21:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\autorun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eff3f94-86d1-11dc-8b87-0019212f80c2}]
\shell\AutoRun\command - K:\setup\rsrc\Autorun.exe
\shell\dinstall\command - K:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd405468-98b9-11dc-9911-0019212f80c2}]
\shell\AutoRun\command - N:\autorun.exe

*Newly Created Service* - COMHOST
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 17:09:17
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Boss\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_B610_E9D7_10E9_9F1D\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-08-18 17:10:56
ComboFix-quarantined-files.txt 2008-08-19 00:10:43
ComboFix2.txt 2008-08-17 21:56:53
ComboFix3.txt 2008-08-17 07:32:43
ComboFix4.txt 2008-04-30 01:57:35
ComboFix5.txt 2008-08-19 00:03:03

Pre-Run: 26,822,041,600 bytes free
Post-Run: 26,712,694,784 bytes free

452 --- E O F --- 2007-10-28 21:52:25

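The registry and firewall sections of the ComboFix dump above record several settings that weaken the host before any malware is considered: Security Center notifications and monitoring switched off, `EnableFirewall= 0` for the standard profile, firewall exceptions for several P2P clients, a non-default svchost group, and AutoRun commands bound to removable drives. The following PowerShell is an added example written for this page, not a tool from the thread or from ComboFix; it scans lines in ComboFix's dump format for those conditions, with the sample lines constructed to mirror the log above, and includes a second function that reads the same keys on a live machine (registry paths are the standard ones; ComboFix's `HKLM\~\services` is shorthand for `HKLM\SYSTEM\CurrentControlSet\services`).

```powershell
# Added example, not part of the thread: flag security-weakening settings in a
# ComboFix-style registry/firewall dump, then check the same keys on the live host.

function Find-WeakenedSecuritySettings {
    param([string[]]$Lines)

    $findings = @()
    $section  = ''

    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '') { continue }

        # Section headers look like [HKEY_LOCAL_MACHINE\...] or [HKLM\~\...]
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; continue }

        # Security Center: suppressed notifications or disabled monitoring mean a
        # missing firewall/AV is never reported to the user
        if ($section -match 'security center' -and
            $t -match '^"(\w*DisableNotify|DisableMonitoring)"=dword:0*1$') {
            $findings += "SecurityCenter: $($Matches[1])=1 in [$section]"
            continue
        }

        # Windows Firewall switched off for a profile
        if ($section -match 'firewallpolicy\\\w+Profile' -and
            $t -match '^"EnableFirewall"=\s*0\b') {
            $findings += "Firewall: EnableFirewall=0 in [$section]"
            continue
        }

        # Firewall exceptions for P2P clients (a common route for file infectors)
        if ($section -match 'FirewallRules' -and
            $t -match '\\(utorrent|bittornado|limewire|shareaza|ares)\\[^:]*\.exe') {
            $findings += "FirewallRule: P2P client '$($Matches[1])' has an exception"
            continue
        }

        # AutoRun commands bound to removable/optical drives
        if ($section -match 'mountpoints2' -and
            $t -match '^\\shell\\autorun\\command - (.+)$') {
            $findings += "AutoRun: $($Matches[1])"
            continue
        }

        # svchost groups: verify each against a known-good baseline for the OS build
        if ($section -match 'currentversion\\svchost' -and
            $t -match '^(\S+)\s+REG_MULTI_SZ\s+(.+)$') {
            $findings += "SvchostGroup: '$($Matches[1])' hosts '$($Matches[2])'"
            continue
        }
    }
    return ,$findings
}

function Test-LiveSecurityState {
    # Same checks against the running machine's registry (run elevated for full results)
    $fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $p = Get-ItemProperty -Path "$fw\$profile" -Name EnableFirewall -ErrorAction SilentlyContinue
        if ($p -and $p.EnableFirewall -eq 0) { "Firewall: $profile is disabled" }
    }
    $sc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Security Center' -ErrorAction SilentlyContinue
    foreach ($name in 'UacDisableNotify', 'InternetSettingsDisableNotify', 'AutoUpdateDisableNotify',
                      'FirewallDisableNotify', 'AntiVirusDisableNotify') {
        if ($sc -and $sc.$name -eq 1) { "SecurityCenter: $name=1" }
    }
}

# Constructed sample lines, copied from the dump format above (not a full log)
$sample = @'
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7128608F-0F06-4D25-8E22-7F767D2FF67D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:uTorrent
"{287BA272-D032-433E-A8A7-6AEDD2FA4BEC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\autorun\command - J:\autorun.exe
'@ -split "`r?`n"

Find-WeakenedSecuritySettings -Lines $sample
# Test-LiveSecurityState   # uncomment on the machine being examined
```

To run it over a real log, replace `$sample` with `Get-Content .\ComboFix.txt`. The svchost check deliberately reports every group rather than judging it: an entry like `bdx ... scan` is only meaningful next to a baseline from a clean machine of the same build, which is exactly the comparison the helper on this thread was making by eye.
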
#9 Essexboy (GeekU Moderator, Retired Staff)
Subject to no further problems then

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself.

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculations and then display a dialogue box with tabs
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)

#10 Terryc250 (Topic Starter)

  • Select Start > All Programs > Accessories > System tools > System Restore.

There is no "System Restore" there :S

#11 Essexboy (GeekU Moderator, Retired Staff)
Hi there, just call me dummy :) That works perfectly for XP, but you have Vista.

Go to Control Panel and select System and Maintenance
Select System
On the left select Advanced System Settings
Accept the warning
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Then going back to the System and Maintenance page
Select Performance Information and Tools
On the left select Open Disk Cleanup
Select Files from all users
Accept the warning
In the drop down box select your main drive i.e. C
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select delete on the pop up
Select OK
Select Delete
You are now done

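The Vista procedure above (create a restore point named "Clean", then use Disk Cleanup's More Options tab to drop all the older restore points and shadow copies) can be scripted. The following PowerShell is an added example for this page, not something posted in the thread: it assumes an elevated PowerShell 2.0 prompt (on Vista, PowerShell is a separate download) and uses `Checkpoint-Computer`, `Get-ComputerRestorePoint` and the `Win32_ShadowCopy` WMI class; the function names are my own.

```powershell
# Added example, not from the thread: scripted equivalent of the Vista steps above.
# Run from an elevated PowerShell prompt.

function New-CleanRestorePoint {
    param([string]$Description = 'Clean')
    # Equivalent of System Protection > Create
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'
    # Return the newest point so the caller can confirm the description took
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
}

function Remove-OlderShadowCopies {
    # Equivalent of Disk Cleanup > More Options > System Restore and Shadow Copies > Clean up:
    # keep only the most recent shadow copy. Vista restore points are shadow copies, so
    # this also removes "Previous Versions" of files, and it acts on every volume, not
    # only the system drive.
    $shadows = @(Get-WmiObject -Class Win32_ShadowCopy | Sort-Object InstallDate)
    if ($shadows.Count -le 1) { return 0 }
    $older = @($shadows[0..($shadows.Count - 2)])
    foreach ($s in $older) { $null = $s.Delete() }
    return $older.Count
}

# Order matters: create the clean point first so it is the newest and survives the cleanup.
New-CleanRestorePoint -Description 'Clean'
"Removed {0} older shadow copies" -f (Remove-OlderShadowCopies)
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, RestorePointType -AutoSize
```

The final `Get-ComputerRestorePoint` listing should show only the "Clean" point. Two caveats: if the cleanup were run first, the "Clean" point would be deleted along with the infected ones, and on Windows 8 and later `Checkpoint-Computer` silently skips creation when a point was made in the previous 24 hours (governed by the `SystemRestorePointCreationFrequency` registry value), which does not apply to Vista.
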
#12 Terryc250 (Topic Starter)
Yay all done, thanks a lot Essexboy.

#13 Essexboy (GeekU Moderator, Retired Staff)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.