Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojan removal [RESOLVED]

Started by duglartis , Aug 23 2008 03:21 AM

  • This topic is locked This topic is locked

#1
duglartis
Posted 23 August 2008 - 03:21 AM

duglartis

    Member

  • Member
  • PipPipPip
  • 159 posts
hi there
i have had a go at removing a trojan and was hoping someone would check to see if ths log file is clean
thanks for your help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:13, on 23/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll miqtqm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4850 bytes
  • 0

Advertisements

#2
Essexboy
Posted 27 August 2008 - 05:03 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay - If I may have a fresh look at your system

Download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

  • 0

#3
duglartis
Posted 28 August 2008 - 12:01 AM

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
Hi thanks for the reply here are the logs
OTViewIt logfile created on: 28/08/2008 5:57:10 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\dugz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

767.49 Mb Total Physical Memory | 501.15 Mb Available Physical Memory | 65.30% Memory free
1.83 Gb Paging File | 1.58 Gb Available in Paging File | 86.38% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 2.84 Gb Free Space | 14.53% Space Free | Partition Type: FAT32
Drive D: | 9.30 Gb Total Space | 2.85 Gb Free Space | 30.65% Space Free | Partition Type: FAT32
Drive E: | 37.79 Gb Total Space | 16.64 Gb Free Space | 44.04% Space Free | Partition Type: NTFS
Drive F: | 17.73 Gb Total Space | 1.42 Gb Free Space | 8.03% Space Free | Partition Type: FAT32
Drive G: | 65.20 Gb Total Space | 2.75 Gb Free Space | 4.22% Space Free | Partition Type: FAT32
Drive H: | 111.26 Gb Total Space | 40.99 Gb Free Space | 36.84% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: HOME-9NTQ7IVYXR
Current User Name: dugz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[08/30/2005 09:05 PM | 00,344,064 | ---- | M] (ATI Technologies, Inc.) - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[07/05/2008 04:33 PM | 01,232,152 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\PROGRA~1\AVG\AVG8\avgtray.exe
[07/05/2008 04:33 PM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
[03/06/2007 10:35 AM | 00,198,168 | ---- | M] (InterVideo Inc.) - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[03/03/2007 01:48 PM | 00,067,056 | ---- | M] (Ulead Systems, Inc.) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[07/05/2008 04:33 PM | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[07/05/2008 04:33 PM | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\PROGRA~1\AVG\AVG8\avgemc.exe

===== Win32 Services - Non-Microsoft Only =====

(ATI Smart) ATI Smart [Auto | Stopped]
[08/30/2005 09:05 PM | 00,516,096 | ---- | M] () - C:\WINDOWS\system32\ati2sgag.exe

(avg8emc) AVG8 E-mail Scanner [Auto | Running]
[07/05/2008 04:33 PM | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\PROGRA~1\AVG\AVG8\avgemc.exe

(avg8wd) AVG8 WatchDog [Auto | Running]
[07/05/2008 04:33 PM | 00,231,192 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

(Capture Device Service) Capture Device Service [Auto | Running]
[03/06/2007 10:35 AM | 00,198,168 | ---- | M] (InterVideo Inc.) - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

(UleadBurningHelper) Ulead Burning Helper [Auto | Running]
[03/03/2007 01:48 PM | 00,067,056 | ---- | M] (Ulead Systems, Inc.) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

===== Driver Services - Non-Microsoft Only =====

(AvgLdx86) AVG AVI Loader Driver x86 [System | Running]
[07/05/2008 04:33 PM | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\Drivers\avgldx86.sys

(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [System | Running]
[07/05/2008 04:33 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\Drivers\avgmfx86.sys

(AvgTdiX) AVG8 Network Redirector [Auto | Running]
[07/05/2008 04:33 PM | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\Drivers\avgtdix.sys

(DCamUSBMke) USB Video Camera for Panasonic Digital Palmcorder [On_Demand | Stopped]
[12/18/2001 11:38 AM | 00,041,729 | ---- | M] (Matsushita Kotobuki Electronics Industries,Ltd.) - C:\WINDOWS\System32\Drivers\Mkeusbi.sys

(es1371) Creative AudioPCI (ES1371,ES1373) (WDM) [On_Demand | Running]
[08/17/2001 12:19 PM | 00,040,704 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\es1371mp.sys

(MKEMUSB) Panasonic Digital Palmcorder [Auto | Stopped]
[08/08/2001 06:52 PM | 00,014,308 | ---- | M] (Matsushita Kotobuki Electronics Industries, Ltd.) - C:\WINDOWS\System32\Drivers\Mkemusb.sys

(pavboot) pavboot [Boot | Running]
[06/19/2008 05:24 PM | 00,028,544 | ---- | M] (Panda Security, S.L.) - C:\WINDOWS\system32\drivers\pavboot.sys

(rtl8029) Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver [On_Demand | Running]
[08/17/2001 12:12 PM | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\System32\DRIVERS\RTL8029.SYS

(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Boot | Running]
[08/11/2005 01:44 AM | 00,050,688 | ---- | M] (Protection Technology) - C:\WINDOWS\System32\drivers\sfdrv01.sys

(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Boot | Running]
[05/17/2005 02:20 AM | 00,006,656 | ---- | M] (Protection Technology) - C:\WINDOWS\System32\drivers\sfhlp02.sys

(sfsync03) StarForce Protection Synchronization Driver (version 3.x) [Boot | Running]
[12/07/2005 04:11 AM | 00,035,328 | ---- | M] (Protection Technology) - C:\WINDOWS\System32\drivers\sfsync03.sys

(WmBEnum) Logitech Virtual Bus Enumerator Driver [On_Demand | Running]
[05/14/2003 01:42 PM | 00,010,144 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmBEnum.sys

(WmFilter) Logitech WingMan HID Filter Driver [On_Demand | Running]
[05/14/2003 01:42 PM | 00,021,216 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmFilter.sys

(WmHidLo) Logitech WingMan USB Filter Driver [On_Demand | Running]
[05/14/2003 01:42 PM | 00,013,920 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmHidLo.sys

(WmVirHid) Logitech Virtual Hid Device Driver [On_Demand | Stopped]
[05/14/2003 01:42 PM | 00,005,728 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmVirHid.sys

(WmXlCore) Logitech WingMan Translation Layer Driver [On_Demand | Running]
[05/14/2003 01:42 PM | 00,044,288 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\WmXlCore.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/30/2005 09:05 PM | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"AVG8_TRAY" = C:\PROGRA~1\AVG\AVG8\avgtray.exe [07/05/2008 04:33 PM | 01,232,152 | ---- | M] (AVG Technologies CZ, s.r.o.)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [12/11/2007 10:56 AM | 00,286,720 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"UVS11 Preload" = C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [07/23/2007 01:55 PM | 00,341,232 | ---- | M] (InterVideo Digital Technology Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1343024091-764733703-2147105715-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[Default User.WINDOWS Startup Folder - C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup]

[All Users.WINDOWS Startup Folder - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
[04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[dugz Startup Folder - C:\Documents and Settings\dugz\Start Menu\Programs\Startup]
[07/27/2008 08:45 PM | 00,225,280 | ---- | M] (Leader Technologies) - C:\Documents and Settings\dugz\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [02/22/2008 04:25 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
HKLM CLSID: (AVG Security Toolbar) - [07/05/2008 04:33 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"
HKLM CLSID: (AVG Security Toolbar) - [07/05/2008 04:33 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9990-79A187E2698E}"
HKLM CLSID: (AVG Security Toolbar) - [07/05/2008 04:33 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_USERS\S-1-5-21-1343024091-764733703-2147105715-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9990-79A187E2698E}"
HKLM CLSID: (AVG Security Toolbar) - [07/05/2008 04:33 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"DisableRegistryTools" = 0
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-1343024091-764733703-2147105715-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_USERS\S-1-5-21-1343024091-764733703-2147105715-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\S-1-5-21-1343024091-764733703-2147105715-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"avgrsstx.dll miqtqm.dll" - File not found

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 12:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [04/14/2008 06:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 12:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [04/14/2008 06:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe [04/19/2008 07:21 AM | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe [07/03/2008 12:19 PM | 00,640,280 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe [07/05/2008 04:33 PM | 00,873,752 | ---- | M] (AVG Technologies CZ, s.r.o.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/14/2008 12:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\Explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/14/2008 12:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/14/2008 12:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/14/2008 12:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\System32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/14/2008 12:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\Ati2evxx.dll [08/31/2005 03:37 PM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{1E71B8EA-6565-4189-BC64-A1D861E35BA5}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{261DDC14-8F6C-468B-B15D-5C58E9A4C22C}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5289CFDB-3CA3-41D0-8913-7388CE12C747}]
Servers: | Description: Realtek RTL8029(AS)-based Ethernet Adapter (Generic)

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[05/13/2007 10:46 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ FAT32 ]

AUTOEXEC.BAT []
[02/24/2003 12:48 AM | 00,000,000 | ---- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autoexec.glb [SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG | ]
[03/15/2004 04:28 PM | 00,000,052 | ---- | M] () D:\Autoexec.glb [ FAT32 ]

AUTOEXEC._AV [SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG | ]
[05/29/2004 01:06 AM | 00,000,052 | ---- | M] () D:\AUTOEXEC._AV [ FAT32 ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{235827f0-f2d7-11dc-84cb-00a04b090913}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{235827f0-f2d7-11dc-84cb-00a04b090913}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 12:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{235827f0-f2d7-11dc-84cb-00a04b090913}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5275e110-5d3a-11dd-853d-00a04b090913}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5275e110-5d3a-11dd-853d-00a04b090913}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 12:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5275e110-5d3a-11dd-853d-00a04b090913}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82d4a050-f4b0-11dc-84ce-00a04b090913}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82d4a050-f4b0-11dc-84ce-00a04b090913}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 12:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82d4a050-f4b0-11dc-84ce-00a04b090913}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a82280-bcb0-11dc-8497-00a04b090913}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a82280-bcb0-11dc-8497-00a04b090913}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 12:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a82280-bcb0-11dc-8497-00a04b090913}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2db44e0-b430-11dc-8484-00a04b090913}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2db44e0-b430-11dc-8484-00a04b090913}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 12:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2db44e0-b430-11dc-8484-00a04b090913}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2db44e2-b430-11dc-8484-00a04b090913}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2db44e2-b430-11dc-8484-00a04b090913}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 12:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2db44e2-b430-11dc-8484-00a04b090913}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun]
"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun\command]
"" = K:\LaunchU3.exe File not found

===== Hosts File =====

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/23/2008 06:32 PM | -HSD | C] - C:\FOUND.000
[08/23/2008 08:24 PM | ---D | C] - C:\_OTMoveIt
[08/23/2008 08:32 PM | ---D | C] - C:\QooBox
[08/23/2008 07:51 PM | 00,028,544 | ---- | C] (Panda Security, S.L.) - C:\WINDOWS\System32\drivers\pavboot.sys
[2 C:\WINDOWS\System32\*.tmp files]
[08/17/2008 01:30 PM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[08/17/2008 02:10 PM | ---D | C] - C:\WINDOWS\System32\en
[08/17/2008 02:10 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/23/2008 08:11 PM | 00,002,170 | ---- | C] () - C:\WINDOWS\System32\tmp.reg
[08/23/2008 08:11 PM | 00,025,600 | ---- | C] () - C:\WINDOWS\System32\WS2Fix.exe
[08/23/2008 08:11 PM | 00,051,200 | ---- | C] () - C:\WINDOWS\System32\dumphive.exe
[08/23/2008 08:11 PM | 00,053,248 | ---- | C] (http://www.beyondlogic.org) - C:\WINDOWS\System32\Process.exe
[08/23/2008 08:11 PM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\404Fix.exe
[08/23/2008 08:11 PM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\IEDFix.C.exe
[08/23/2008 08:11 PM | 00,086,528 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\VACFix.exe
[08/23/2008 08:11 PM | 00,087,552 | ---- | C] (S!Ri.URZ) - C:\WINDOWS\System32\AntiXPVSTFix.exe
[08/23/2008 08:11 PM | 00,288,417 | ---- | C] (S!Ri) - C:\WINDOWS\System32\SrchSTS.exe
[08/23/2008 08:11 PM | 00,289,144 | ---- | C] (S!Ri) - C:\WINDOWS\System32\VCCLSID.exe
[08/28/2008 05:53 PM | 00,000,142 | ---- | C] () - C:\WINDOWS\System32\spupdsvc.inf
[4 C:\WINDOWS\*.tmp files]
[08/17/2008 02:10 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/17/2008 02:20 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/23/2008 08:32 PM | 00,028,672 | ---- | C] (NirSoft) - C:\WINDOWS\Nircmd.exe
[08/23/2008 08:32 PM | 00,049,152 | ---- | C] () - C:\WINDOWS\VFind.exe
[08/23/2008 08:32 PM | 00,068,096 | ---- | C] () - C:\WINDOWS\zip.exe
[08/23/2008 08:32 PM | 00,080,412 | ---- | C] () - C:\WINDOWS\grep.exe
[08/23/2008 08:32 PM | 00,089,504 | ---- | C] (Smallfrogs Studio) - C:\WINDOWS\fdsv.exe
[08/23/2008 08:32 PM | 00,098,816 | ---- | C] () - C:\WINDOWS\sed.exe
[08/23/2008 08:32 PM | 00,136,704 | ---- | C] (SteelWerX) - C:\WINDOWS\swsc.exe
[08/23/2008 08:32 PM | 00,161,792 | ---- | C] (SteelWerX) - C:\WINDOWS\swreg.exe
[08/23/2008 08:32 PM | 00,212,480 | ---- | C] (SteelWerX) - C:\WINDOWS\swxcacls.exe
[08/23/2008 08:33 PM | ---D | C] - C:\WINDOWS\erdnt
[08/23/2008 08:42 PM | ---D | C] - C:\WINDOWS\temp
[08/28/2008 05:52 PM | ---D | C] - C:\WINDOWS\LastGood
[08/23/2008 08:52 PM | ---D | C] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[08/23/2008 08:52 PM | ---D | C] - C:\Documents and Settings\dugz\Application Data\Malwarebytes
[08/23/2008 07:21 PM | 01,575,506 | -H-- | C] () - C:\Documents and Settings\dugz\Local Settings\Application Data\IconCache.db
[08/23/2008 09:12 PM | ---D | C] - C:\Documents and Settings\dugz\My Documents\Hijack
[08/23/2008 08:52 PM | 00,000,600 | ---- | C] () - C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[08/23/2008 08:10 PM | 01,572,180 | ---- | C] () - C:\Documents and Settings\dugz\Desktop\SmitfraudFix.exe
[08/23/2008 08:10 PM | ---D | C] - C:\Documents and Settings\dugz\Desktop\SmitfraudFix
[08/23/2008 08:29 PM | 02,720,466 | R--- | C] () - C:\Documents and Settings\dugz\Desktop\ComboFix.exe
[08/23/2008 08:41 PM | 00,000,399 | ---- | C] () - C:\Documents and Settings\dugz\Desktop\heavy weather 2.0 beta release.lnk
[08/23/2008 08:41 PM | 00,000,631 | ---- | C] () - C:\Documents and Settings\dugz\Desktop\Launch Logitech Gaming Software.lnk
[08/23/2008 08:41 PM | 00,001,379 | ---- | C] () - C:\Documents and Settings\dugz\Desktop\Windows Explorer.lnk
[08/23/2008 09:18 PM | 00,001,638 | ---- | C] () - C:\Documents and Settings\dugz\Desktop\HijackThis.lnk
[08/06/2008 09:11 PM | ---D | C] - C:\Program Files\rFactor
[08/08/2008 05:44 PM | ---D | C] - C:\Program Files\EasyWeather
[08/23/2008 08:52 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/23/2008 09:18 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/17/2008 02:02 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/21/2008 09:07 PM | 00,000,528 | ---- | M] () - C:\hpfr5550.xml
[08/23/2008 06:32 PM | -HSD | M] - C:\FOUND.000
[08/23/2008 08:24 PM | ---D | M] - C:\_OTMoveIt
[08/23/2008 08:32 PM | ---D | M] - C:\QooBox
[2 C:\WINDOWS\System32\*.tmp files]
[08/14/2008 09:52 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\WINDOWS\System32\IEDFix.C.exe
[08/17/2008 02:10 PM | ---D | M] - C:\WINDOWS\System32\en
[08/17/2008 02:10 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/17/2008 02:20 PM | 00,253,472 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/17/2008 02:22 PM | 00,040,196 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/17/2008 02:22 PM | 00,311,934 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/17/2008 02:22 PM | 00,356,120 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/18/2008 12:19 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\WINDOWS\System32\404Fix.exe
[08/21/2008 11:41 PM | 00,087,552 | ---- | M] (S!Ri.URZ) - C:\WINDOWS\System32\AntiXPVSTFix.exe
[08/23/2008 08:12 PM | 00,002,170 | ---- | M] () - C:\WINDOWS\System32\tmp.reg
[08/28/2008 05:53 PM | 00,000,142 | ---- | M] () - C:\WINDOWS\System32\spupdsvc.inf
[08/28/2008 05:53 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files]
[08/17/2008 02:10 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/17/2008 02:17 PM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/17/2008 02:20 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/23/2008 08:33 PM | ---D | M] - C:\WINDOWS\erdnt
[08/23/2008 08:41 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/23/2008 08:42 PM | ---D | M] - C:\WINDOWS\temp
[08/28/2008 05:47 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/28/2008 05:52 PM | ---D | M] - C:\WINDOWS\LastGood
[08/28/2008 05:47 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/23/2008 08:52 PM | ---D | M] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[08/23/2008 08:52 PM | ---D | M] - C:\Documents and Settings\dugz\Application Data\Malwarebytes
[08/27/2008 08:46 PM | 00,125,440 | ---- | M] () - C:\Documents and Settings\dugz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/27/2008 09:17 PM | 01,575,506 | -H-- | M] () - C:\Documents and Settings\dugz\Local Settings\Application Data\IconCache.db
[08/23/2008 09:12 PM | ---D | M] - C:\Documents and Settings\dugz\My Documents\Hijack
[08/23/2008 08:52 PM | 00,000,600 | ---- | M] () - C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[08/17/2008 07:47 PM | 00,001,379 | ---- | M] () - C:\Documents and Settings\dugz\Desktop\Windows Explorer.lnk
[08/21/2008 11:59 PM | ---D | M] - C:\Documents and Settings\dugz\Desktop\SmitfraudFix
[08/23/2008 08:10 PM | 01,572,180 | ---- | M] () - C:\Documents and Settings\dugz\Desktop\SmitfraudFix.exe
[08/23/2008 08:29 PM | 02,720,466 | R--- | M] () - C:\Documents and Settings\dugz\Desktop\ComboFix.exe
[08/23/2008 09:18 PM | 00,001,638 | ---- | M] () - C:\Documents and Settings\dugz\Desktop\HijackThis.lnk

< End of report >
OTViewIt Extras logfile created on: 28/08/2008 5:57:10 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\dugz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

767.49 Mb Total Physical Memory | 501.15 Mb Available Physical Memory | 65.30% Memory free
1.83 Gb Paging File | 1.58 Gb Available in Paging File | 86.38% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 2.84 Gb Free Space | 14.53% Space Free | Partition Type: FAT32
Drive D: | 9.30 Gb Total Space | 2.85 Gb Free Space | 30.65% Space Free | Partition Type: FAT32
Drive E: | 37.79 Gb Total Space | 16.64 Gb Free Space | 44.04% Space Free | Partition Type: NTFS
Drive F: | 17.73 Gb Total Space | 1.42 Gb Free Space | 8.03% Space Free | Partition Type: FAT32
Drive G: | 65.20 Gb Total Space | 2.75 Gb Free Space | 4.22% Space Free | Partition Type: FAT32
Drive H: | 111.26 Gb Total Space | 40.99 Gb Free Space | 36.84% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = ComFile] - File not found -
.exe [@ = exefile] - File not found -
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== HKEY_LOCAL_MACHINE Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D2E05C0-064C-4F12-8173-6EBAD61E7F93}" = World of Outlaws Sprint Cars
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9919E625-F1EC-4945-AC40-83BEE74B78CC}" =
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4B338BD-4C93-4531-B5BB-7F0E5EB7340B}" =
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9D129A6-EA21-11D4-85E7-0040053BA3BA}" = JavaPipe
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{F68794FD-9BBA-44FB-976C-4FCE2B447476}" = Palmcorder USB Device Driver 2.00
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.0
"AVIcodec" = AVIcodec (remove only)
"DivX DVD Ripper" = DivX DVD Ripper 1.2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"HijackThis" = HijackThis 2.0.2
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 9 (KB911565)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"LimeWire" = LimeWire 4.16.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ST6UNST #1" = Two Stroke Engine Expansion Chamber Design Utility
"ST6UNST #2" = Crank Angle-Piston Displacement Table Construction Utility
"ST6UNST #3" = MOTA Demonstration
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

===== HKEY_CURRENT_USER Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SBS Modifieds" = SBS Modifieds

===== HKEY_USERS Uninstall List =====


===== HKEY_USERS Uninstall List =====


===== HKEY_USERS Uninstall List =====


===== HKEY_USERS Uninstall List =====


===== HKEY_USERS Uninstall List =====

[HKEY_USERS\S-1-5-21-1343024091-764733703-2147105715-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SBS Modifieds" = SBS Modifieds

===== Winsock2 Catalogs =====

===== HKEY_LOCAL_MACHINE Protocol Defaults =====


===== HKEY_CURRENT_USER Protocol Defaults =====


===== HKEY_USERS Protocol Defaults =====


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned

===== HKEY_USERS Protocol Defaults =====


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned

===== HKEY_USERS Protocol Defaults =====


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned

===== HKEY_USERS Protocol Defaults =====


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell - shell protocol not assigned

===== HKEY_USERS Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM - XPLPPFilter Class]
[07/05/2008 04:33 PM | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >
  • 0

#4
Essexboy
Posted 28 August 2008 - 04:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks OK to me - how is your system running ?

Could you run MBAM so that I can see if that finds anything

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#5
duglartis
Posted 28 August 2008 - 11:43 PM

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
hi system seems to be running ok here is the log file looks clean nothing detected :)
Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 3

5:41:00 PM 29/08/2008
mbam-log-08-29-2008 (17-41-00).txt

Scan type: Quick Scan
Objects scanned: 47532
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
Essexboy
Posted 29 August 2008 - 02:16 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

A good workman allways cleans up after himself so...Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done

VISTA
To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#7
duglartis
Posted 29 August 2008 - 03:00 AM

duglartis

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 159 posts
:) AWESOME thank you guys
Have great day
  • 0

#8
Essexboy
Posted 29 August 2008 - 04:35 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP