IRCbot [RESOLVED]


#46
Rorschach112

Yes.

#47
synesthesia

Here's the ComboFix log. Am I supposed to post the Dr. Web thing too?

ComboFix 08-08-30.03 - Soleil Robichaud 2008-08-31 12:30:53.5 - NTFSx86
Running from: C:\Documents and Settings\Soleil Robichaud\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\FUYZS8F5\bin.clearspring.com
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\FUYZS8F5\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\FUYZS8F5\interclick.com
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\FUYZS8F5\interclick.com\ud.sol
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Soleil Robichaud\Cookies\soleil [email protected][1].txt
C:\Documents and Settings\Trevor Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\R6B6SHBX\bin.clearspring.com
C:\Documents and Settings\Trevor Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\R6B6SHBX\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Trevor Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\R6B6SHBX\interclick.com
C:\Documents and Settings\Trevor Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\R6B6SHBX\interclick.com\ud.sol
C:\Documents and Settings\Trevor Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Trevor Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Trevor Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Trevor Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Trevor Robichaud\Cookies\trevor [email protected][2].txt

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-30 19:55 . 2008-08-30 20:24 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\DoctorWeb
2008-08-30 09:49 . 2008-08-30 09:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-30 09:49 . 2008-08-30 09:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-28 20:47 . 2008-08-28 20:54 345 --a------ C:\WINDOWS\gmer.ini
2008-08-28 09:32 . 2008-08-28 09:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 09:14 . 2008-08-28 09:14 137 --a------ C:\WINDOWS\system32\MRT.INI
2008-08-28 09:09 . 2002-12-11 20:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-28 09:00 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-28 08:56 . 2008-08-28 09:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-28 08:53 . 2006-06-26 13:47 140,288 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-08-28 08:53 . 2006-03-01 15:44 83,456 --a------ C:\WINDOWS\system32\mtxoci.dll
2008-08-28 08:53 . 2006-03-01 15:44 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2008-08-28 08:53 . 2006-06-26 13:47 6,144 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-08-28 08:25 . 2008-08-28 08:25 <DIR> d-------- C:\Documents and Settings\Ron Robichaud\Application Data\Yahoo!
2008-08-27 21:32 . 2008-08-27 21:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-27 21:32 . 2008-08-27 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-27 19:06 . 2008-08-27 19:06 <DIR> d-------- C:\WINDOWS\Sun
2008-08-27 19:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-27 19:03 . 2008-08-27 19:05 <DIR> d-------- C:\Program Files\Java
2008-08-27 19:03 . 2008-08-27 19:03 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-26 19:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 19:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 18:40 . 2008-08-26 18:40 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\Yahoo!
2008-08-26 16:56 . 2008-08-26 16:56 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\Yahoo!
2008-08-26 16:56 . 2008-08-26 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-26 16:55 . 2008-08-26 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-26 16:48 . 2008-08-26 16:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-26 09:16 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-08-26 09:16 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-08-26 09:16 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-08-26 09:16 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-08-26 09:16 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-08-26 09:16 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-08-26 09:16 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-08-25 14:33 . 2008-08-25 14:34 <DIR> d-------- C:\Documents and Settings\Ron Robichaud\Application Data\PrivacyControl
2008-08-24 19:54 . 2008-08-24 19:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-24 19:48 . 2008-08-24 20:05 <DIR> d-------- C:\SDFix
2008-08-24 12:30 . 2008-08-24 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-23 19:01 . 2008-08-23 19:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 18:49 . 2008-08-23 18:52 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)
2008-08-23 18:20 . 2008-08-26 19:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 18:20 . 2008-08-23 18:20 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\Malwarebytes
2008-08-23 18:20 . 2008-08-23 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-23 18:19 . 2008-08-23 18:19 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-23 18:13 . 2008-08-23 18:59 <DIR> d-------- C:\Program Files\ERUNT
2008-08-14 22:37 . 2008-08-14 22:37 <DIR> d-------- C:\Program Files\EPSON
2008-08-14 22:37 . 2004-06-24 01:20 309,760 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-08-14 22:37 . 2004-03-12 01:30 82,944 --a------ C:\WINDOWS\system32\EAL.EXE
2008-08-14 22:37 . 2004-11-25 05:07 79,679 --a------ C:\WINDOWS\system32\E_FLMABA.DLL
2008-08-14 22:37 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBABA.DLL
2008-08-14 22:37 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHABA.DLL
2008-08-14 22:37 . 2004-06-24 01:20 51 --a------ C:\WINDOWS\system32\EAL32.INI
2008-08-11 00:33 . 2008-08-11 00:33 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\acccore
2008-08-11 00:31 . 2008-08-11 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-08-11 00:30 . 2008-08-11 00:30 21 --a------ C:\WINDOWS\atid.ini
2008-08-11 00:29 . 2008-08-11 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-11 00:29 . 2008-08-11 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-11 00:29 . 2008-08-11 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-11 00:27 . 2008-08-11 00:33 <DIR> d-------- C:\Program Files\AIM6
2008-08-08 22:46 . 2008-08-08 22:46 53 --a------ C:\WINDOWS\system32\g.ftp
2008-08-07 17:31 . 2008-08-07 17:31 159,744 --a------ C:\WINDOWS\system32\Bsmtp.dll
2008-08-07 17:31 . 2008-08-07 17:31 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-08-07 15:46 . 2008-08-07 15:46 <DIR> d---s---- C:\Documents and Settings\Ron Robichaud\UserData
2008-08-01 23:09 . 2008-08-01 23:09 <DIR> d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP
2008-08-01 13:01 . 2008-08-15 12:21 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\OnRez
2008-08-01 12:07 . 2008-08-01 12:07 <DIR> d---s---- C:\Documents and Settings\Trevor Robichaud\UserData
2008-07-31 22:03 . 2008-08-15 01:49 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\SecondLife
2008-07-31 21:53 . 2008-07-31 21:53 <DIR> d---s---- C:\Documents and Settings\Soleil Robichaud\UserData
2008-07-31 21:40 . 2008-08-30 21:42 2,838 --a------ C:\WINDOWS\machine.ver
2008-07-31 14:02 . 2008-07-31 14:02 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\MAGIX
2008-07-25 10:37 . 2006-05-23 17:41 626,688 --a------ C:\WINDOWS\system32\mgxoschk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 01:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 04:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-08 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-02 03:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-01 15:16 --------- d-----w C:\Program Files\MindSpring 4.0
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

------- Sigcheck -------

2004-08-03 14:02 113944 4fe41a819f5a1ff0923f12b34830a6ca C:\WINDOWS\LastGood\System32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot_2008-08-28_18.25.44.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-29 00:47:29 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-18 01:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
+ 2008-08-29 00:47:30 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18 1670144]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 11:21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-04-15 23:01 258048]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07 114688]
"PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 22:54 40960]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 20:16 172032]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-12-25 17:38 159744]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 21:00 126976]
"NDSTray.exe"="C:\Program Files\Toshiba\ConfigFree\NDSTray.exe" [2003-01-17 23:26 458752]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29 40960]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 16:21 159744]
"AccessRampMonitor"="C:\Program Files\AccessRamp\ARMon32.exe" [1999-08-03 13:13 68096]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2006-08-20 22:28 28672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 02:12 49152]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 04:00 98304]
"Background Intelligent Transfer Service"="C:\WINDOWS\help\svchost.exe" [BU]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"000StTHK"="000StTHK.exe" [2001-06-23 23:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 14:20 88363 C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2001-08-03 20:08 73728 C:\WINDOWS\system32\TFNF5.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-12-10 13:49 237568 C:\WINDOWS\system32\TPWRTRAY.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 02:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 18:23:00 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"= wmsncs.exe:SYSTEM

S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;C:\WINDOWS\System32\DRIVERS\cben5.sys [2001-08-17 08:13]
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2002-06-28 19:29]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2003-10-11 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 12:04]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 12:33:49
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-31 12:36:07
ComboFix-quarantined-files.txt 2008-08-31 16:35:55
ComboFix2.txt 2008-08-28 22:26:17
ComboFix3.txt 2008-08-26 23:40:18
ComboFix4.txt 2008-08-26 00:14:38
ComboFix5.txt 2008-08-31 16:29:54

Pre-Run: 553,152,512 bytes free
Post-Run: 820,572,160 bytes free

206 --- E O F --- 2008-08-28 13:39:55

#48
Rorschach112

Yes, post the Dr. Web log.

#49
synesthesia

I can't figure out how to view the Dr. Web log, and it won't let me attach it =/

#50
Rorschach112

Right-click on the .cv file, open it with Notepad, and post that here.

#51
synesthesia

wmsncs.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup;BackDoor.IRC.Sdbot.3756;Deleted.;
41.qit.vir;C:\QooBox\Quarantine\C\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)\Quarantine(2)\21-08-2008-22-11-2;BackDoor.IRC.Sdbot.1631;Deleted.;
0.qit.vir;C:\QooBox\Quarantine\C\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)\Quarantine(2)\23-08-2008-17-03-5;BackDoor.IRC.Sdbot.1631;Deleted.;
wmsncs.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\System;BackDoor.IRC.Sdbot.3756;Deleted.;
wmsncs.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Fonts;BackDoor.IRC.Sdbot.3756;Deleted.;
mumie[1].exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KPY3OLEF;BackDoor.IRC.Sdbot.1631;Deleted.;
wmsncs.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\spool\drivers;BackDoor.IRC.Sdbot.3756;Deleted.;
wmsncs.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\wins;BackDoor.IRC.Sdbot.3756;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
A0101459.exe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;BackDoor.IRC.Sdbot.3756;Deleted.;
A0101460.exe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;BackDoor.IRC.Sdbot.3756;Deleted.;
A0101461.exe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;BackDoor.IRC.Sdbot.3756;Deleted.;
A0101462.exe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;BackDoor.IRC.Sdbot.3756;Deleted.;
A0101464.exe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;BackDoor.IRC.Sdbot.3756;Deleted.;
A0101465.bat;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;Probably BATCH.Virus;;
A0101466.EXE;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;Program.PsExec.170;;
A0101479.exe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;BackDoor.IRC.Sdbot.3756;Deleted.;
A0101486.EXE;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;Program.PsExec.170;;
A0101528.exe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP124;BackDoor.IRC.Sdbot.3756;Deleted.;
A0110597.exe\327882R2FWJFW\List-C.bat;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP128\A0110597.exe;Probably BATCH.Virus;;
A0110597.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP128\A0110597.exe;Program.PsExec.171;;
A0110597.exe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP128;Archive contains infected objects;Moved.;
A0110600.exe;C:\System Volume Information\_restore{1D754853-CD2B-4287-9A0D-7BEC62082DED}\RP128;BackDoor.IRC.Sdbot.3756;Deleted.;

#52
Rorschach112

OK, re-download ComboFix and run it, and also post a new HJT log.

#53
synesthesia

ComboFix:

ComboFix 08-09-01.01 - Soleil Robichaud 2008-09-01 18:17:02.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.78 [GMT -4:00]
Running from: C:\Documents and Settings\Soleil Robichaud\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\FUYZS8F5\interclick.com
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\#SharedObjects\FUYZS8F5\interclick.com\ud.sol
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Soleil Robichaud\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Soleil Robichaud\Cookies\soleil [email protected][2].txt
C:\Documents and Settings\Soleil Robichaud\Cookies\soleil [email protected][2].txt

.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-09-01 10:45 . 2008-09-01 10:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-01 10:45 . 2008-09-01 10:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-30 19:55 . 2008-08-30 20:24 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\DoctorWeb
2008-08-28 20:47 . 2008-08-28 20:54 345 --a------ C:\WINDOWS\gmer.ini
2008-08-28 09:32 . 2008-08-28 09:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 09:14 . 2008-08-28 09:14 137 --a------ C:\WINDOWS\system32\MRT.INI
2008-08-28 09:09 . 2002-12-11 20:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-28 09:00 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-28 08:56 . 2008-08-28 09:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-28 08:53 . 2006-06-26 13:47 140,288 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-08-28 08:53 . 2006-03-01 15:44 83,456 --a------ C:\WINDOWS\system32\mtxoci.dll
2008-08-28 08:53 . 2006-03-01 15:44 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2008-08-28 08:53 . 2006-06-26 13:47 6,144 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-08-28 08:25 . 2008-08-28 08:25 <DIR> d-------- C:\Documents and Settings\Ron Robichaud\Application Data\Yahoo!
2008-08-27 21:32 . 2008-08-27 21:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-27 21:32 . 2008-08-27 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-27 19:06 . 2008-08-27 19:06 <DIR> d-------- C:\WINDOWS\Sun
2008-08-27 19:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-27 19:03 . 2008-08-27 19:05 <DIR> d-------- C:\Program Files\Java
2008-08-27 19:03 . 2008-08-27 19:03 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-26 19:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 19:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 18:40 . 2008-08-26 18:40 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\Yahoo!
2008-08-26 16:56 . 2008-08-26 16:56 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\Yahoo!
2008-08-26 16:56 . 2008-08-26 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-26 16:55 . 2008-08-26 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-26 16:48 . 2008-08-26 16:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-26 09:16 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-08-26 09:16 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-08-26 09:16 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-08-26 09:16 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-08-26 09:16 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-08-26 09:16 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-08-26 09:16 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-08-25 14:33 . 2008-08-25 14:34 <DIR> d-------- C:\Documents and Settings\Ron Robichaud\Application Data\PrivacyControl
2008-08-24 19:54 . 2008-08-24 19:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-24 19:48 . 2008-08-24 20:05 <DIR> d-------- C:\SDFix
2008-08-24 12:30 . 2008-08-24 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-23 19:01 . 2008-08-23 19:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 18:49 . 2008-08-23 18:52 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)
2008-08-23 18:20 . 2008-08-26 19:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 18:20 . 2008-08-23 18:20 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\Malwarebytes
2008-08-23 18:20 . 2008-08-23 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-23 18:19 . 2008-08-23 18:19 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-23 18:13 . 2008-08-23 18:59 <DIR> d-------- C:\Program Files\ERUNT
2008-08-14 22:37 . 2008-08-14 22:37 <DIR> d-------- C:\Program Files\EPSON
2008-08-14 22:37 . 2004-06-24 01:20 309,760 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-08-14 22:37 . 2004-03-12 01:30 82,944 --a------ C:\WINDOWS\system32\EAL.EXE
2008-08-14 22:37 . 2004-11-25 05:07 79,679 --a------ C:\WINDOWS\system32\E_FLMABA.DLL
2008-08-14 22:37 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBABA.DLL
2008-08-14 22:37 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHABA.DLL
2008-08-14 22:37 . 2004-06-24 01:20 51 --a------ C:\WINDOWS\system32\EAL32.INI
2008-08-11 00:33 . 2008-08-11 00:33 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\acccore
2008-08-11 00:31 . 2008-08-11 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-08-11 00:30 . 2008-08-11 00:30 21 --a------ C:\WINDOWS\atid.ini
2008-08-11 00:29 . 2008-08-11 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-11 00:29 . 2008-08-11 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-11 00:29 . 2008-08-11 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-11 00:27 . 2008-08-11 00:33 <DIR> d-------- C:\Program Files\AIM6
2008-08-08 22:46 . 2008-08-08 22:46 53 --a------ C:\WINDOWS\system32\g.ftp
2008-08-07 17:31 . 2008-08-07 17:31 159,744 --a------ C:\WINDOWS\system32\Bsmtp.dll
2008-08-07 17:31 . 2008-08-07 17:31 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-08-07 15:46 . 2008-08-07 15:46 <DIR> d---s---- C:\Documents and Settings\Ron Robichaud\UserData
2008-08-01 23:09 . 2008-08-01 23:09 <DIR> d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP
2008-08-01 13:01 . 2008-08-15 12:21 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\OnRez
2008-08-01 12:07 . 2008-08-01 12:07 <DIR> d---s---- C:\Documents and Settings\Trevor Robichaud\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 01:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 05:49 --------- d-----w C:\Documents and Settings\Trevor Robichaud\Application Data\SecondLife
2008-08-11 04:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-08 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-02 03:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-01 15:16 --------- d-----w C:\Program Files\MindSpring 4.0
2008-07-31 18:02 --------- d-----w C:\Documents and Settings\Soleil Robichaud\Application Data\MAGIX
.

------- Sigcheck -------

2004-08-03 14:02 113944 4fe41a819f5a1ff0923f12b34830a6ca C:\WINDOWS\LastGood\System32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot_2008-08-28_18.25.44.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-29 00:47:29 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-18 01:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
+ 2008-08-29 00:47:30 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18 1670144]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 11:21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-04-15 23:01 258048]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07 114688]
"PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 22:54 40960]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 20:16 172032]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-12-25 17:38 159744]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 21:00 126976]
"NDSTray.exe"="C:\Program Files\Toshiba\ConfigFree\NDSTray.exe" [2003-01-17 23:26 458752]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29 40960]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 16:21 159744]
"AccessRampMonitor"="C:\Program Files\AccessRamp\ARMon32.exe" [1999-08-03 13:13 68096]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2006-08-20 22:28 28672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 02:12 49152]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 04:00 98304]
"Background Intelligent Transfer Service"="C:\WINDOWS\help\svchost.exe" [BU]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"000StTHK"="000StTHK.exe" [2001-06-23 23:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 14:20 88363 C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2001-08-03 20:08 73728 C:\WINDOWS\system32\TFNF5.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-12-10 13:49 237568 C:\WINDOWS\system32\TPWRTRAY.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 02:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 18:23:00 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"= wmsncs.exe:SYSTEM

S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;C:\WINDOWS\System32\DRIVERS\cben5.sys [2001-08-17 08:13]
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2002-06-28 19:29]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 18:19:20
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-01 18:21:48
ComboFix-quarantined-files.txt 2008-09-01 22:21:44
ComboFix2.txt 2008-08-31 16:36:08
ComboFix3.txt 2008-08-28 22:26:17
ComboFix4.txt 2008-08-26 23:40:18
ComboFix5.txt 2008-09-01 22:15:53

Pre-Run: 669,372,416 bytes free
Post-Run: 666,980,352 bytes free

188 --- E O F --- 2008-08-28 13:39:55






HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:46 PM, on 9/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\AccessRamp\ARMon32.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [AccessRampMonitor] C:\Program Files\AccessRamp\ARMon32.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O5 "LPT1:" /M "Stylus C88"
O4 - HKLM\..\Run: [Background Intelligent Transfer Service] C:\WINDOWS\help\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.mindspring.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=23100
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6982 bytes

#54
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok making progress


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"=-

[HKLM\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"=-


Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg Mountpoints2, File - Additional Folder Scans, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Under Rootkit Search change it to Yes
  • Check the box at the top-left beside Scan All Users
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.

#55
synesthesia

    Member

  • Topic Starter
  • Member
  • 43 posts
ComboFix:

ComboFix 08-09-01.01 - Soleil Robichaud 2008-09-01 18:37:59.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.91 [GMT -4:00]
Running from: C:\Documents and Settings\Soleil Robichaud\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Soleil Robichaud\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-09-01 10:45 . 2008-09-01 10:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-01 10:45 . 2008-09-01 10:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-30 19:55 . 2008-08-30 20:24 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\DoctorWeb
2008-08-28 20:47 . 2008-08-28 20:54 345 --a------ C:\WINDOWS\gmer.ini
2008-08-28 09:32 . 2008-08-28 09:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 09:14 . 2008-08-28 09:14 137 --a------ C:\WINDOWS\system32\MRT.INI
2008-08-28 09:09 . 2002-12-11 20:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-28 09:00 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-28 08:56 . 2008-08-28 09:39 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-28 08:53 . 2006-06-26 13:47 140,288 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-08-28 08:53 . 2006-03-01 15:44 83,456 --a------ C:\WINDOWS\system32\mtxoci.dll
2008-08-28 08:53 . 2006-03-01 15:44 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2008-08-28 08:53 . 2006-06-26 13:47 6,144 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-08-28 08:25 . 2008-08-28 08:25 <DIR> d-------- C:\Documents and Settings\Ron Robichaud\Application Data\Yahoo!
2008-08-27 21:32 . 2008-08-27 21:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-27 21:32 . 2008-08-27 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-27 19:06 . 2008-08-27 19:06 <DIR> d-------- C:\WINDOWS\Sun
2008-08-27 19:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-27 19:03 . 2008-08-27 19:05 <DIR> d-------- C:\Program Files\Java
2008-08-27 19:03 . 2008-08-27 19:03 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-26 19:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 19:51 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 18:40 . 2008-08-26 18:40 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\Yahoo!
2008-08-26 16:56 . 2008-08-26 16:56 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\Yahoo!
2008-08-26 16:56 . 2008-08-26 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-26 16:55 . 2008-08-26 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-26 16:48 . 2008-08-26 16:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-26 09:16 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-08-26 09:16 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-08-26 09:16 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-08-26 09:16 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-08-26 09:16 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-08-26 09:16 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-08-26 09:16 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-08-25 14:33 . 2008-08-25 14:34 <DIR> d-------- C:\Documents and Settings\Ron Robichaud\Application Data\PrivacyControl
2008-08-24 19:54 . 2008-08-24 19:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-24 19:48 . 2008-08-24 20:05 <DIR> d-------- C:\SDFix
2008-08-24 12:30 . 2008-08-24 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-23 19:01 . 2008-08-23 19:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 18:49 . 2008-08-23 18:52 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)
2008-08-23 18:20 . 2008-08-26 19:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 18:20 . 2008-08-23 18:20 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\Malwarebytes
2008-08-23 18:20 . 2008-08-23 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-23 18:19 . 2008-08-23 18:19 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-23 18:13 . 2008-08-23 18:59 <DIR> d-------- C:\Program Files\ERUNT
2008-08-14 22:37 . 2008-08-14 22:37 <DIR> d-------- C:\Program Files\EPSON
2008-08-14 22:37 . 2004-06-24 01:20 309,760 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-08-14 22:37 . 2004-03-12 01:30 82,944 --a------ C:\WINDOWS\system32\EAL.EXE
2008-08-14 22:37 . 2004-11-25 05:07 79,679 --a------ C:\WINDOWS\system32\E_FLMABA.DLL
2008-08-14 22:37 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBABA.DLL
2008-08-14 22:37 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHABA.DLL
2008-08-14 22:37 . 2004-06-24 01:20 51 --a------ C:\WINDOWS\system32\EAL32.INI
2008-08-11 00:33 . 2008-08-11 00:33 <DIR> d-------- C:\Documents and Settings\Soleil Robichaud\Application Data\acccore
2008-08-11 00:31 . 2008-08-11 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-08-11 00:30 . 2008-08-11 00:30 21 --a------ C:\WINDOWS\atid.ini
2008-08-11 00:29 . 2008-08-11 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-11 00:29 . 2008-08-11 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-11 00:29 . 2008-08-11 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-11 00:27 . 2008-08-11 00:33 <DIR> d-------- C:\Program Files\AIM6
2008-08-08 22:46 . 2008-08-08 22:46 53 --a------ C:\WINDOWS\system32\g.ftp
2008-08-07 17:31 . 2008-08-07 17:31 159,744 --a------ C:\WINDOWS\system32\Bsmtp.dll
2008-08-07 17:31 . 2008-08-07 17:31 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-08-07 15:46 . 2008-08-07 15:46 <DIR> d---s---- C:\Documents and Settings\Ron Robichaud\UserData
2008-08-01 23:09 . 2008-08-01 23:09 <DIR> d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP
2008-08-01 13:01 . 2008-08-15 12:21 <DIR> d-------- C:\Documents and Settings\Trevor Robichaud\Application Data\OnRez
2008-08-01 12:07 . 2008-08-01 12:07 <DIR> d---s---- C:\Documents and Settings\Trevor Robichaud\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 01:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 05:49 --------- d-----w C:\Documents and Settings\Trevor Robichaud\Application Data\SecondLife
2008-08-11 04:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-08 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-08-02 03:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-01 15:16 --------- d-----w C:\Program Files\MindSpring 4.0
2008-07-31 18:02 --------- d-----w C:\Documents and Settings\Soleil Robichaud\Application Data\MAGIX
.

------- Sigcheck -------

2004-08-03 14:02 113944 4fe41a819f5a1ff0923f12b34830a6ca C:\WINDOWS\LastGood\System32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot_2008-08-28_18.25.44.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-29 00:47:29 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-18 01:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
+ 2008-08-29 00:47:30 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18 1670144]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 11:21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-04-15 23:01 258048]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07 114688]
"PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 22:54 40960]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 20:16 172032]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-12-25 17:38 159744]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 21:00 126976]
"NDSTray.exe"="C:\Program Files\Toshiba\ConfigFree\NDSTray.exe" [2003-01-17 23:26 458752]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29 40960]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 16:21 159744]
"AccessRampMonitor"="C:\Program Files\AccessRamp\ARMon32.exe" [1999-08-03 13:13 68096]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2006-08-20 22:28 28672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 02:12 49152]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 04:00 98304]
"Background Intelligent Transfer Service"="C:\WINDOWS\help\svchost.exe" [BU]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"000StTHK"="000StTHK.exe" [2001-06-23 23:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 14:20 88363 C:\WINDOWS\agrsmmsg.exe]
"TFNF5"="TFNF5.exe" [2001-08-03 20:08 73728 C:\WINDOWS\system32\TFNF5.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2002-12-10 13:49 237568 C:\WINDOWS\system32\TPWRTRAY.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 02:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 18:23:00 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;C:\WINDOWS\System32\DRIVERS\cben5.sys [2001-08-17 08:13]
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2002-06-28 19:29]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 18:40:08
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-01 18:42:49
ComboFix-quarantined-files.txt 2008-09-01 22:42:42
ComboFix2.txt 2008-09-01 22:21:49
ComboFix3.txt 2008-08-31 16:36:08
ComboFix4.txt 2008-08-28 22:26:17
ComboFix5.txt 2008-09-01 22:35:57

Pre-Run: 579,764,224 bytes free
Post-Run: 573,030,400 bytes free

166 --- E O F --- 2008-08-28 13:39:55



#56
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (gmer) gmer [Kernel | System | Running] -> %SystemRoot%\system32\drivers\gmer.sys
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Background Intelligent Transfer Service -> %SystemRoot%\help\svchost.exe [C:\WINDOWS\help\svchost.exe]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{0264505A-6793-44E0-AC75-9DCE3B13185C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{0264505A-6793-44E0-AC75-9DCE3B13185C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{0264505A-6793-44E0-AC75-9DCE3B13185C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{0264505A-6793-44E0-AC75-9DCE3B13185C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\] > -> HKEY_USERS\S-1-5-21-1238604406-4063022668-1793010294-1008\Software\Microsoft\Internet Explorer\MenuExt\
YN -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE
[Files/Folders - Created Within 90 days]
NY -> SDFix -> %SystemDrive%\SDFix
NY -> gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> gmer.dll -> %SystemRoot%\gmer.dll
NY -> gmer.exe -> %SystemRoot%\gmer.exe
NY -> gmer.ini -> %SystemRoot%\gmer.ini
NY -> gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd
NY -> jautoexp.dat -> %SystemRoot%\jautoexp.dat
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> avenger.exe -> %UserProfile%\Desktop\avenger.exe
NY -> drweb-cureit.exe -> %UserProfile%\Desktop\drweb-cureit.exe
NY -> DrWeb.csv -> %UserProfile%\Desktop\DrWeb.csv
[Files/Folders - Modified Within 90 days]
NY -> gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> gmer.dll -> %SystemRoot%\gmer.dll
NY -> gmer.ini -> %SystemRoot%\gmer.ini
NY -> gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> avenger.exe -> %UserProfile%\Desktop\avenger.exe
NY -> drweb-cureit.exe -> %UserProfile%\Desktop\drweb-cureit.exe
NY -> DrWeb.csv -> %UserProfile%\Desktop\DrWeb.csv
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Then double click on the fix.reg file, when it prompts to merge click "Yes".




Reboot and do this


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

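Reading the two helper posts above (the CFScript in #54 that drops the wmsncs.exe firewall exception, and the fix.reg in this post that restores SecurityProviders) against the ComboFix "Reg Loading Points" dump, every indicator Rorschach112 acts on is visible in a handful of registry lines: a Run entry starting svchost.exe from C:\WINDOWS\help instead of System32, a SecurityProviders value that has lost its separators, four Security Center override values set to 1, the firewall switched off, and an unknown bare-filename firewall exception. As an added example, not code from the thread or from ComboFix, OTScanIt or HijackThis, here is a small Python triage script that applies those same checks mechanically to a REGEDIT4-style dump. The sample dump is constructed from entries quoted in the logs above; the Finding type, the rule names and the list of system32-only binaries are my own choices, and the XP default SecurityProviders list is the one the fix.reg in this post writes back.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id (my own naming, not a ComboFix/HijackThis term)
    detail: str  # the log fragment the rule fired on


# Core Windows binaries that legitimately run only from %SystemRoot%\system32.
SYSTEM_ONLY_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe",
                        "winlogon.exe", "services.exe", "smss.exe"}
# Stock SecurityProviders list on Windows XP (what the fix.reg in the thread restores).
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
# Security Center values that, when set to 1, silence or override its warnings.
SECURITY_CENTER_FLAGS = {"antivirusoverride", "firewalloverride", "antivirusdisablenotify",
                         "updatesdisablenotify", "firewalldisablenotify"}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')
_DWORD_RE = re.compile(r"dword:([0-9a-fA-F]{8})")
_DLL_RE = re.compile(r"[\w-]+\.dll", re.IGNORECASE)


def check_autorun(name, value):
    """Flag a Run-key entry that starts a core system binary from outside system32."""
    m = re.match(r'"([^"]+)"', value)
    if not m:
        return None
    directory, _, exe = m.group(1).lower().rpartition("\\")
    if exe in SYSTEM_ONLY_BINARIES and not directory.endswith("\\system32"):
        return Finding("system-binary-outside-system32", f'Run entry "{name}" -> {m.group(1)}')
    return None


def check_security_providers(raw):
    """Compare a SecurityProviders value with the XP default: flag DLLs not in the
    default list, and a value whose ', ' separators are missing (as in the log above)."""
    findings = []
    dlls = [d.lower() for d in _DLL_RE.findall(raw)]
    unknown = [d for d in dlls if d not in DEFAULT_SECURITY_PROVIDERS]
    if unknown:
        findings.append(Finding("unknown-security-provider", ", ".join(unknown)))
    if re.search(r"\.dll[\w-]", raw, re.IGNORECASE):
        findings.append(Finding("security-providers-malformed", raw.strip()))
    return findings


def triage(log_text):
    """Walk a REGEDIT4-style dump (ComboFix's 'Reg Loading Points') and return findings."""
    findings = []
    key = ""
    for line in log_text.splitlines():
        line = line.strip()
        km = _KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue
        if line.lower().startswith("securityproviders "):        # ComboFix's unquoted form
            findings.extend(check_security_providers(line.split(" ", 1)[1]))
            continue
        vm = _VALUE_RE.match(line)
        if not vm:
            continue
        name, value = vm.groups()
        if key.endswith("\\run"):
            f = check_autorun(name, value)
            if f:
                findings.append(f)
        elif key.endswith("\\securityproviders") and name.lower() == "securityproviders":
            findings.extend(check_security_providers(value))   # .reg-file form
        elif key.endswith("security center") and name.lower() in SECURITY_CENTER_FLAGS:
            dm = _DWORD_RE.search(value)
            if dm and int(dm.group(1), 16) != 0:
                findings.append(Finding("security-center-silenced", f"{name}=1"))
        elif key.endswith("\\standardprofile") and name.lower() == "enablefirewall":
            if value.startswith("0"):
                findings.append(Finding("firewall-disabled", key))
        elif key.endswith("\\authorizedapplications\\list"):
            note = "full path" if "\\" in value else "bare filename, no directory"
            findings.append(Finding("firewall-exception", f"{name} ({note})"))
    return findings


# Constructed sample, assembled from lines quoted in the ComboFix logs in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2006-08-20 22:28 28672]
"Background Intelligent Transfer Service"="C:\WINDOWS\help\svchost.exe" [BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmsncs.exe"= wmsncs.exe:SYSTEM
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:34} {f.detail}")
```

Run against the sample it prints eight findings: the Run entry launching svchost.exe from C:\WINDOWS\help, the SecurityProviders value with its separators missing, the four Security Center overrides, the disabled firewall, and the wmsncs.exe exception with no directory. The same script accepts the quoted `"SecurityProviders"=` form used by fix.reg, so it can be pointed at the repaired value afterwards to confirm only the four default DLLs remain; extend SYSTEM_ONLY_BINARIES and DEFAULT_SECURITY_PROVIDERS to match whatever Windows version is under review.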

#57
synesthesia

    Member

  • Topic Starter
  • Member
  • 43 posts
When I try to do the OTScanIt thing it scans for a few seconds and then this message pops up =/

Access violation at address 720508B0. Read of address 720508B0.

#58
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok, do the registry fix step.

Then do this


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Background Intelligent Transfer Service 
    C:\Windows\jautoexp.dat
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Then reboot and do the Rsit step

#59
synesthesia

    Member

  • Topic Starter
  • Member
  • 43 posts
OTMoveIt2 log:



Explorer killed successfully
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Background Intelligent Transfer Service >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Background Intelligent Transfer Service not found.
C:\Windows\jautoexp.dat moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\SOLEIL~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SOLEIL~1\LOCALS~1\Temp\~DFBCE5.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09022008_190612

Files moved on Reboot...
C:\DOCUME~1\SOLEIL~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\SOLEIL~1\LOCALS~1\Temp\~DFBCE5.tmp moved successfully.

Edited by synesthesia, 02 September 2008 - 05:14 PM.


#60
synesthesia

    Member

  • Topic Starter
  • Member
  • 43 posts
RSIT Log:


Logfile of random's system information tool (written by random/random)
Run by Soleil Robichaud at 2008-09-02 19:19:41
Microsoft Windows XP Home Edition Service Pack 1
System drive C: has 453 MB (6%) free of 8 GB
Total RAM: 239 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:44 PM, on 9/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\AccessRamp\ARMon32.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Documents and Settings\Soleil Robichaud\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Soleil Robichaud.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [AccessRampMonitor] C:\Program Files\AccessRamp\ARMon32.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O5 "LPT1:" /M "Stylus C88"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.mindspring.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=23100
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6954 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\Symantec NetDetect.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 842268]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2003-04-15 258048]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-04-07 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]
"PmProxy"=C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe [2003-02-28 40960]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-01-02 172032]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-04-18 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2002-12-25 159744]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2001-08-03 73728]
"Tpwrtray"=C:\WINDOWS\system32\TPWRTRAY.EXE [2002-12-10 237568]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-21 126976]
"NDSTray.exe"=C:\Program Files\Toshiba\ConfigFree\NDSTray.exe [2003-01-17 458752]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2002-10-17 159744]
"AccessRampMonitor"=C:\Program Files\AccessRamp\ARMon32.exe [1999-08-03 68096]
"QuickTime Task"=C:\WINDOWS\System32\qttask.exe [2006-08-20 28672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
"EPSON Stylus C88 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE [2005-01-27 98304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

List of files/folders created in the last three months

2008-09-02 19:06:12 ----D---- C:\_OTMoveIt
2008-09-02 19:00:36 ----D---- C:\rsit
2008-09-02 18:51:12 ----SHD---- C:\RECYCLER
2008-09-02 17:16:25 ----D---- C:\_OTScanIt
2008-09-01 18:42:54 ----D---- C:\WINDOWS\temp
2008-09-01 18:42:49 ----A---- C:\ComboFix.txt
2008-08-30 17:19:26 ----D---- C:\Avenger
2008-08-29 18:57:45 ----A---- C:\avenger.txt
2008-08-28 20:47:33 ----A---- C:\WINDOWS\gmer.ini
2008-08-28 20:47:29 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-08-28 20:47:29 ----A---- C:\WINDOWS\gmer.exe
2008-08-28 20:47:29 ----A---- C:\WINDOWS\gmer.dll
2008-08-28 09:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-08-28 09:37:16 ----SHD---- C:\Config.Msi
2008-08-28 09:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-08-28 09:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-08-28 09:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP9$
2008-08-28 09:34:37 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-08-28 09:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-08-28 09:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-08-28 09:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-08-28 09:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-08-28 09:32:05 ----D---- C:\WINDOWS\System32\bits
2008-08-28 09:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-08-28 09:14:21 ----A---- C:\WINDOWS\System32\MRT.INI
2008-08-28 09:12:58 ----A---- C:\WINDOWS\System32\MRT.exe
2008-08-28 09:12:10 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-08-28 09:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-08-28 09:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2008-08-28 09:09:12 ----A---- C:\WINDOWS\System32\wmpns.dll
2008-08-28 09:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-08-28 09:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-08-28 09:06:52 ----A---- C:\WINDOWS\setdebug.exe
2008-08-28 09:06:51 ----A---- C:\WINDOWS\System32\jit.dll
2008-08-28 09:06:51 ----A---- C:\WINDOWS\System32\javaee.dll
2008-08-28 09:06:50 ----A---- C:\WINDOWS\System32\dx3j.dll
2008-08-28 09:06:37 ----A---- C:\WINDOWS\System32\wjview.exe
2008-08-28 09:06:37 ----A---- C:\WINDOWS\System32\vmhelper.dll
2008-08-28 09:06:36 ----A---- C:\WINDOWS\System32\msjdbc10.dll
2008-08-28 09:06:36 ----A---- C:\WINDOWS\System32\msjava.dll
2008-08-28 09:06:35 ----A---- C:\WINDOWS\System32\msawt.dll
2008-08-28 09:06:34 ----A---- C:\WINDOWS\System32\jview.exe
2008-08-28 09:06:34 ----A---- C:\WINDOWS\System32\jdbgmgr.exe
2008-08-28 09:06:34 ----A---- C:\WINDOWS\System32\javart.dll
2008-08-28 09:06:33 ----A---- C:\WINDOWS\System32\javaprxy.dll
2008-08-28 09:06:33 ----A---- C:\WINDOWS\System32\javacypt.dll
2008-08-28 09:06:31 ----A---- C:\WINDOWS\System32\clspack.exe
2008-08-28 09:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-08-28 09:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-08-28 09:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-08-28 09:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-08-28 09:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-08-28 09:00:53 ----D---- C:\WINDOWS\System32\PreInstall
2008-08-28 09:00:24 ----A---- C:\WINDOWS\System32\spupdsvc.exe
2008-08-28 09:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-08-28 08:59:36 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-08-28 08:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2008-08-28 08:58:09 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-08-28 08:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-08-28 08:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2008-08-28 08:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-08-28 08:56:59 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-28 08:55:31 ----A---- C:\WINDOWS\System32\kerberos.dll
2008-08-28 08:55:19 ----A---- C:\WINDOWS\System32\shsvcs.dll
2008-08-28 08:55:19 ----A---- C:\WINDOWS\System32\cscdll.dll
2008-08-28 08:55:05 ----A---- C:\WINDOWS\System32\rasmans.dll
2008-08-28 08:55:04 ----A---- C:\WINDOWS\System32\winipsec.dll
2008-08-28 08:55:04 ----A---- C:\WINDOWS\System32\polstore.dll
2008-08-28 08:55:04 ----A---- C:\WINDOWS\System32\oakley.dll
2008-08-28 08:55:04 ----A---- C:\WINDOWS\System32\ipsmsnap.dll
2008-08-28 08:55:04 ----A---- C:\WINDOWS\System32\ipsecsvc.dll
2008-08-28 08:55:04 ----A---- C:\WINDOWS\System32\ipsecsnp.dll
2008-08-28 08:55:03 ----A---- C:\WINDOWS\System32\mf3216.dll
2008-08-28 08:54:59 ----A---- C:\WINDOWS\System32\spoolsv.exe
2008-08-28 08:54:57 ----N---- C:\WINDOWS\System32\xpob2res.dll
2008-08-28 08:54:57 ----N---- C:\WINDOWS\System32\bitsprx3.dll
2008-08-28 08:54:57 ----N---- C:\WINDOWS\System32\bitsprx2.dll
2008-08-28 08:54:57 ----A---- C:\WINDOWS\System32\winhttp.dll
2008-08-28 08:54:57 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
2008-08-28 08:54:24 ----A---- C:\WINDOWS\System32\netman.dll
2008-08-28 08:54:23 ----A---- C:\WINDOWS\System32\mscms.dll
2008-08-28 08:54:22 ----A---- C:\WINDOWS\System32\xpsp2res.dll
2008-08-28 08:54:22 ----A---- C:\WINDOWS\System32\sxs.dll
2008-08-28 08:54:22 ----A---- C:\WINDOWS\System32\fldrclnr.dll
2008-08-28 08:54:20 ----A---- C:\WINDOWS\System32\shell32.dll
2008-08-28 08:54:18 ----A---- C:\WINDOWS\System32\linkinfo.dll
2008-08-28 08:54:17 ----A---- C:\WINDOWS\System32\SHLWAPI.DLL
2008-08-28 08:54:03 ----N---- C:\WINDOWS\System32\verclsid.exe
2008-08-28 08:53:56 ----A---- C:\WINDOWS\System32\mtxoci.dll
2008-08-28 08:53:56 ----A---- C:\WINDOWS\System32\mtxclu.dll
2008-08-28 08:53:48 ----A---- C:\WINDOWS\System32\rasadhlp.dll
2008-08-28 08:53:48 ----A---- C:\WINDOWS\System32\dnsapi.dll
2008-08-27 21:32:43 ----D---- C:\Program Files\Lavasoft
2008-08-27 21:32:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-27 19:06:21 ----D---- C:\WINDOWS\Sun
2008-08-27 19:06:21 ----D---- C:\Documents and Settings\Soleil Robichaud\Application Data\Sun
2008-08-27 19:05:47 ----A---- C:\WINDOWS\System32\javaws.exe
2008-08-27 19:05:47 ----A---- C:\WINDOWS\System32\javaw.exe
2008-08-27 19:05:47 ----A---- C:\WINDOWS\System32\java.exe
2008-08-27 19:03:47 ----D---- C:\Program Files\Java
2008-08-27 19:03:38 ----D---- C:\Program Files\Common Files\Java
2008-08-26 18:40:51 ----D---- C:\Documents and Settings\Soleil Robichaud\Application Data\Yahoo!
2008-08-26 16:56:35 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-26 16:55:30 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-26 16:49:05 ----A---- C:\YServer.txt
2008-08-26 16:48:02 ----D---- C:\Program Files\Yahoo!
2008-08-26 09:17:54 ----D---- C:\WINDOWS\System32\SoftwareDistribution
2008-08-26 09:16:25 ----A---- C:\WINDOWS\System32\wuweb.dll
2008-08-26 09:16:25 ----A---- C:\WINDOWS\System32\wups.dll
2008-08-26 09:16:25 ----A---- C:\WINDOWS\System32\wucltui.dll
2008-08-26 09:16:25 ----A---- C:\WINDOWS\System32\wuaueng1.dll
2008-08-26 09:16:24 ----A---- C:\WINDOWS\System32\wuauclt1.exe
2008-08-26 09:16:24 ----A---- C:\WINDOWS\System32\wuapi.dll
2008-08-24 20:30:24 ----D---- C:\QooBox
2008-08-24 20:30:20 ----A---- C:\WINDOWS\zip.exe
2008-08-24 20:30:20 ----A---- C:\WINDOWS\VFind.exe
2008-08-24 20:30:20 ----A---- C:\WINDOWS\swxcacls.exe
2008-08-24 20:30:20 ----A---- C:\WINDOWS\swsc.exe
2008-08-24 20:30:20 ----A---- C:\WINDOWS\swreg.exe
2008-08-24 20:30:20 ----A---- C:\WINDOWS\sed.exe
2008-08-24 20:30:20 ----A---- C:\WINDOWS\Nircmd.exe
2008-08-24 20:30:20 ----A---- C:\WINDOWS\grep.exe
2008-08-24 20:30:20 ----A---- C:\WINDOWS\fdsv.exe
2008-08-24 19:54:08 ----D---- C:\WINDOWS\ERUNT
2008-08-24 19:50:52 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-24 12:30:42 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-24 12:30:10 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-23 19:01:37 ----D---- C:\Program Files\Trend Micro
2008-08-23 18:49:03 ----D---- C:\Documents and Settings\Soleil Robichaud\Application Data\AdwareAlert(2)
2008-08-23 18:31:18 ----D---- C:\WINDOWS\SoftwareDistribution
2008-08-23 18:20:42 ----D---- C:\Documents and Settings\Soleil Robichaud\Application Data\Malwarebytes
2008-08-23 18:20:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-23 18:20:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-23 18:19:54 ----D---- C:\Program Files\Common Files\Download Manager
2008-08-23 18:14:26 ----D---- C:\WINDOWS\ERDNT
2008-08-23 18:13:42 ----D---- C:\Program Files\ERUNT
2008-08-14 22:37:32 ----D---- C:\Program Files\EPSON
2008-08-14 22:37:19 ----A---- C:\WINDOWS\System32\EAL32.INI
2008-08-14 22:37:19 ----A---- C:\WINDOWS\System32\EAL32.DLL
2008-08-14 22:37:19 ----A---- C:\WINDOWS\System32\EAL.EXE
2008-08-14 22:37:19 ----A---- C:\WINDOWS\System32\E_FLMABA.DLL
2008-08-14 22:37:19 ----A---- C:\WINDOWS\System32\E_FBCHABA.DLL
2008-08-14 22:37:19 ----A---- C:\WINDOWS\System32\E_FBCBABA.DLL
2008-08-11 00:33:35 ----D---- C:\Documents and Settings\Soleil Robichaud\Application Data\acccore
2008-08-11 00:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-08-11 00:30:54 ----A---- C:\WINDOWS\atid.ini
2008-08-11 00:30:04 ----D---- C:\Program Files\AOL
2008-08-11 00:29:47 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-08-11 00:29:07 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-08-11 00:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-11 00:27:20 ----D---- C:\Program Files\AIM6
2008-08-07 17:31:09 ----A---- C:\WINDOWS\System32\Bsmtp.dll
2008-08-01 23:09:32 ----D---- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP
2008-08-01 13:35:28 ----D---- C:\Documents and Settings\Soleil Robichaud\Application Data\Macromedia
2008-07-31 14:02:46 ----D---- C:\Documents and Settings\Soleil Robichaud\Application Data\MAGIX
2008-07-25 10:37:12 ----A---- C:\WINDOWS\System32\mgxoschk.dll
2008-06-08 18:06:06 ----A---- C:\WINDOWS\System32\msxml4a.dll
2008-06-08 18:03:52 ----A---- C:\WINDOWS\System32\mpg4c32.dll
2008-06-08 18:03:36 ----AC---- C:\WINDOWS\System32\wmsdmod.dll
2008-06-08 18:03:36 ----AC---- C:\WINDOWS\System32\mpg4dmod.dll
2008-06-08 18:03:35 ----AC---- C:\WINDOWS\System32\wmnetmgr.dll
2008-06-08 18:03:35 ----AC---- C:\WINDOWS\System32\logagent.exe
2008-06-08 18:03:35 ----AC---- C:\WINDOWS\System32\laprxy.dll
2008-06-08 18:03:35 ----A---- C:\WINDOWS\System32\wmadmoe.dll
2008-06-08 18:03:35 ----A---- C:\WINDOWS\System32\wmadmod.dll
2008-06-08 18:03:32 ----AC---- C:\WINDOWS\System32\msnetobj.dll
2008-06-08 18:03:32 ----AC---- C:\WINDOWS\System32\drmv2clt.dll
2008-06-08 18:03:32 ----AC---- C:\WINDOWS\System32\drmstor.dll
2008-06-08 18:03:32 ----AC---- C:\WINDOWS\System32\blackbox.dll
2008-06-08 18:03:32 ----A---- C:\WINDOWS\System32\drmclien.dll
2008-06-08 18:02:19 ----A---- C:\WINDOWS\System32\mplvw7.dll
2008-06-08 18:02:19 ----A---- C:\WINDOWS\System32\mplvpx.dll
2008-06-08 18:02:19 ----A---- C:\WINDOWS\System32\mplvm6.dll
2008-06-08 18:02:19 ----A---- C:\WINDOWS\System32\mplva6.dll
2008-06-08 18:02:19 ----A---- C:\WINDOWS\System32\mplaw7.dll
2008-06-08 18:02:19 ----A---- C:\WINDOWS\System32\mplapx.dll
2008-06-08 18:02:19 ----A---- C:\WINDOWS\System32\mplam6.dll
2008-06-08 18:02:19 ----A---- C:\WINDOWS\System32\mplaa6.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\TTIC32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\TTI32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\STRING32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\MXRestore.exe
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\mgxcdr.txt
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLTPO32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLRES32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLRD32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLPTL32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLPRJ32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLPRF32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLPNT32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLMSC32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLIX.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLISO32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLIO32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLIMG32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLDRV32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLDIR32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLDEV32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLCPY32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLCDF32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLCDA32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\DLLAV32.dll
2008-06-08 18:02:18 ----A---- C:\WINDOWS\System32\cpuinf32.dll
2008-06-08 18:02:08 ----D---- C:\Program Files\Common Files\MAGIX Shared

List of drivers

R2 ASCTRM;ASCTRM; C:\WINDOWS\System32\drivers\ASCTRM.sys [2003-04-29 8552]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-23 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-23 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-01-10 98912]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2002-12-20 1164576]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-12-13 99577]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2002-08-28 13184]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-23 90907]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-01-28 541376]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328]
S2 mrtRate;mrtRate; C:\WINDOWS\System32\drivers\mrtRate.sys []
S3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-04-23 33335]
S3 AR5211;Atheros AR5001 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2003-01-17 253248]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver; C:\WINDOWS\System32\DRIVERS\cben5.sys [2001-08-17 46108]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 papycpu;papycpu; C:\WINDOWS\System32\drivers\papycpu.sys []
S3 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\Drivers\Tbiosdrv.sys []
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wlags48b;Wireless LAN PCCard Driver; C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2002-06-28 156672]
S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48.sys [2002-08-28 154624]

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-27 611664]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2002-08-29 250368]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]

-----------------EOF-----------------
RSIT info log:

info.txt logfile of random's system information tool 2008-09-02 19:19:46

Uninstall list

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AccessRamp Installer-->C:\PROGRA~1\ACCESS~1\Logs\UNWISE.EXE C:\PROGRA~1\ACCESS~1\Logs\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Alps Pointing-device Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
Chopper XP 2.3-->"C:\Documents and Settings\Trevor Robichaud\My Documents\movie making software\Chopper XP\unins000.exe"
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Digimax S500-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E2EC824-DC8B-45CD-A839-58FA00EA5953}\Setup.exe" anything
Digital Camera Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Camera Suite\Uninst.isu"
Drag'n Drop CD+DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo® software\Uninst.isu"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lara Croft Tomb Raider The Cradle of Life Screen Saver-->C:\WINDOWS\Lara Croft Tomb Raider The Cradle of Life.scr /u
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player-->MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft Word 2000-->MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MindSpring Internet Software-->C:\Program Files\MindSpring 4.0\MIDUninstall.exe
Notebook Maximizer-->C:\WINDOWS\iun506.exe C:\Program Files\Notebook Maximizer\irunin.ini
OnRez (remove only)-->"C:\Documents and Settings\Trevor Robichaud\My Documents\My Videos\Narration\OnRez\uninst.exe" /P="OnRez"
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Quicken 2003 New User Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
TI Connect 1.5-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TOSHIBA Access-->C:\PROGRA~1\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\TOSHIB~1\INSTALL.LOG
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\Setup.exe"
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Power Saver-->TPWRDEL.EXE
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->C:\TOSHIBA\Ivp\Swupdate\UNWISE.EXE C:\TOSHIBA\Ivp\Swupdate\INSTALL.LOG
TOSHIBA System Stability Program-->C:\TOSHIBA\SYSSTA~1\UNWISE.EXE C:\TOSHIBA\SYSSTA~1\INSTALL.LOG
Toshiba Tbiosdrv Driver-->C:\PROGRA~1\Toshiba\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~1\INSTALL.LOG
TOSHIBA TouchPad On/Off Utility V2.05.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities-->tutildel.exe
Update for Windows XP (KB835409)-->"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows XP Hotfix - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB918899-->"C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows XP Hotfix (SP2) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See q329112 for more information]-->C:\WINDOWS\$NtUninstallq329112$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q327979-->C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329834-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810565-->C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810583-->C:\WINDOWS\$NtUninstallQ810583$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q814033-->C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q816509-->C:\WINDOWS\$NtUninstallQ816509$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q816843-->C:\WINDOWS\$NtUninstallQ816843$\spuninst\spuninst.exe
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------