zlob popups



#1 I_Eat_Whole_Cows (New Member, 5 posts)

I keep getting a pop-up that looks like Windows Firewall that says I have zlob on my system, and my malware programs don't find anything. Here's what my HJT scans said:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:51 AM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NettalkIRCD\NettalkIRCD.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\200863194326_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\20086319437_mcinfo.exe /insfin
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame....ch_USAv1002.cab
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NettalkIRCD (NtIrcd) - Nicolas Kruse - C:\Program Files\NettalkIRCD\NettalkIRCD.exe

--
End of file - 9968 bytes

Thanks in advance for any help :)

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Hello I_Eat_Whole_Cows

Welcome to G2Go. :)
=====================
Please make multiple posts here so I can see all of each log.
May take more than one reply to get all of them in.
================================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
=============
Download GMER from here:
Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

#3 I_Eat_Whole_Cows (Topic Starter, New Member, 5 posts)

Here's the log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Owner at 2008-12-07 12:36:44
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 28 GB (41%) free of 69 GB
Total RAM: 3006 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:49 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NettalkIRCD\NettalkIRCD.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\200863194326_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\20086319437_mcinfo.exe /insfin
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame....ch_USAv1002.cab
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NettalkIRCD (NtIrcd) - Nicolas Kruse - C:\Program Files\NettalkIRCD\NettalkIRCD.exe

--
End of file - 10186 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\pddzoupg.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-02-22 352256]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! ¤u¨ã¦C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll [2007-12-18 817936]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-11 286720]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-09-10 218032]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Cleanup"=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\200863194326_mcappins.exe /v=3 /cleanup []
"msci"=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\20086319437_mcinfo.exe /insfin []
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-11-09 180269]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
""= []
"Aim6"= []
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-11-20 342336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDownload]
C:\Program Files\BitDownload\BitDownload.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-11-09 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bgsvcgen"=2
"avg8wd"=2
"avg8emc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\Gameforge4D\Flysis\Launcher.atm"="C:\Program Files\Gameforge4D\Flysis\Launcher.atm:Enabled:GameExe2"
"C:\Program Files\Gameforge4D\Flysis\Res-Voip\SCVoIP.exe"="C:\Program Files\Gameforge4D\Flysis\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe"="C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\RedlightCenter\RedLightCenter\Redlightcenter.exe"="C:\Program Files\RedlightCenter\RedLightCenter\Redlightcenter.exe:*:Enabled:Redlightcenter"
"C:\Program Files\Codemasters\RF Online\RF.exe"="C:\Program Files\Codemasters\RF Online\RF.exe:*:Enabled:RFLauncher"
"C:\Documents and Settings\Compaq_Owner\Desktop\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\Compaq_Owner\Desktop\Server Fies\New Folder\Database\bin\mysqld-nt.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\Server Fies\New Folder\Database\bin\mysqld-nt.exe:*:Enabled:mysqld-nt"
"C:\Documents and Settings\Compaq_Owner\Desktop\Server Fies\New Folder\ascent-world.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\Server Fies\New Folder\ascent-world.exe:*:Enabled:ascent-world"
"C:\Documents and Settings\Compaq_Owner\Desktop\Server Fies\New Folder\ascent-logonserver.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\Server Fies\New Folder\ascent-logonserver.exe:*:Enabled:ascent-logonserver"
"C:\Documents and Settings\Compaq_Owner\Desktop\DnLDownloader.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\DnLDownloader.exe:*:Enabled:DnLDownloader"
"C:\Program Files\Fury\Binaries\Fury.exe"="C:\Program Files\Fury\Binaries\Fury.exe:*:Enabled:Fury"
"C:\Program Files\Fury\Binaries\DiamondWare\dwTVC.exe"="C:\Program Files\Fury\Binaries\DiamondWare\dwTVC.exe:*:Enabled:Fury VOIP"
"C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin"="C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion"
"C:\Program Files\Laplink\PCsync\SFTHost.exe"="C:\Program Files\Laplink\PCsync\SFTHost.exe:*:Enabled:PCsync Host Module"
"C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe"="C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Enabled:Maya"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\WINDOWS\Temp\~os2.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os2.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Python25\python.exe"="C:\Python25\python.exe:*:Enabled:python"
"C:\Python25\pythonw.exe"="C:\Python25\pythonw.exe:*:Enabled:pythonw"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-07 12:36:44 ----D---- C:\rsit
2008-12-07 01:17:56 ----D---- C:\Program Files\Trend Micro
2008-12-06 18:48:40 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\PCF-VLC
2008-12-06 16:55:06 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Blender Foundation
2008-12-06 16:54:57 ----D---- C:\Program Files\Blender Foundation
2008-12-06 12:32:31 ----A---- C:\WINDOWS\system32\0bb8f311-.txt
2008-12-04 21:55:06 ----D---- C:\tmmokit
2008-12-04 21:52:56 ----D---- C:\Program Files\NSIS
2008-12-04 21:51:09 ----D---- C:\Program Files\TortoiseSVN
2008-12-04 21:49:36 ----D---- C:\Program Files\NettalkIRCD
2008-12-04 21:46:59 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Subversion
2008-12-04 21:46:41 ----D---- C:\mygame
2008-12-04 21:40:00 ----D---- C:\svnrepo
2008-12-04 21:37:22 ----D---- C:\Program Files\Subversion
2008-12-04 21:28:22 ----D---- C:\Program Files\Apache Group
2008-12-04 21:18:07 ----A---- C:\WINDOWS\system32\pywintypes25.dll
2008-12-04 21:18:07 ----A---- C:\WINDOWS\system32\pythoncom25.dll
2008-12-04 21:16:54 ----A---- C:\WINDOWS\system32\libssl32.dll
2008-12-04 21:16:53 ----A---- C:\WINDOWS\system32\ssleay32.dll
2008-12-04 21:16:53 ----A---- C:\WINDOWS\system32\libeay32.dll
2008-12-04 21:16:49 ----D---- C:\OpenSSL
2008-12-04 21:12:46 ----D---- C:\Python25
2008-12-04 21:11:08 ----D---- C:\tmmokit_dev_files
2008-12-03 21:56:25 ----D---- C:\Program Files\QuArK 6.6.0 Beta 1
2008-12-03 21:34:45 ----D---- C:\Program Files\jEdit
2008-12-03 21:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2008-12-03 21:27:45 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-03 21:22:08 ----D---- C:\Program Files\Microsoft.NET
2008-12-03 21:21:36 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-12-03 21:21:36 ----D---- C:\Program Files\Common Files\Merge Modules
2008-12-03 21:21:35 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-03 21:20:07 ----D---- C:\Program Files\Microsoft SDKs
2008-12-03 21:15:01 ----D---- C:\b4be913159bb749a3e917f9239
2008-12-03 21:14:40 ----D---- C:\WINDOWS\SxsCaPendDel
2008-12-03 19:53:07 ----D---- C:\Program Files\TorqueShowToolPro-1-04
2008-12-03 19:47:17 ----D---- C:\Torque
2008-12-01 22:15:43 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-01 22:15:43 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-01 22:15:43 ----A---- C:\WINDOWS\system32\java.exe
2008-12-01 21:40:32 ----D---- C:\386572d44393d34b23
2008-12-01 21:40:20 ----RHD---- C:\AHCache
2008-12-01 21:40:09 ----D---- C:\0afeecc5d07162bbc2b2a0
2008-11-30 19:07:25 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Participatory Culture Foundation
2008-11-30 19:02:26 ----D---- C:\Program Files\Participatory Culture Foundation
2008-11-29 16:32:44 ----D---- C:\Program Files\IrfanView
2008-11-29 16:04:51 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-11-29 16:04:50 ----A---- C:\WINDOWS\system32\SkinCrafter.dll
2008-11-29 16:04:47 ----D---- C:\Program Files\AudioShareware.com
2008-11-29 13:34:27 ----D---- C:\Program Files\Lavalys
2008-11-23 14:10:55 ----D---- C:\WINDOWS\ie7updates
2008-11-23 14:08:56 ----D---- C:\WINDOWS\WBEM
2008-11-23 14:07:12 ----HDC---- C:\WINDOWS\ie7
2008-11-23 14:06:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-23 14:05:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-23 14:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-23 14:04:46 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-23 14:00:07 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 14:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-11-23 13:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-11-20 18:54:07 ----D---- C:\Program Files\AVG
2008-11-20 18:54:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-20 18:38:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-20 18:38:00 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-20 18:18:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-20 15:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-20 15:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-20 15:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-20 15:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-20 15:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-20 15:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-20 15:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-20 15:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-20 15:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-20 15:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-20 15:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-20 15:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-20 15:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-20 15:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-20 15:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-20 15:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-20 15:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-20 15:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-20 09:21:02 ----D---- C:\mGame
2008-11-20 02:00:39 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of files/folders modified in the last 1 months======

2008-12-07 12:36:42 ----D---- C:\WINDOWS\Prefetch
2008-12-07 12:35:23 ----D---- C:\WINDOWS\system32
2008-12-07 12:29:07 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\DNA
2008-12-07 04:30:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 01:40:50 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 01:17:56 ----D---- C:\Program Files
2008-12-07 01:08:20 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 01:07:59 ----D---- C:\WINDOWS\Temp
2008-12-07 01:07:58 ----D---- C:\Program Files\DNA
2008-12-06 23:53:52 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Google
2008-12-06 19:19:39 ----D---- C:\WINDOWS
2008-12-06 12:26:57 ----D---- C:\WINDOWS\Tasks
2008-12-06 12:26:57 ----D---- C:\temp
2008-12-05 22:35:02 ----A---- C:\WINDOWS\ModemLog_PCI Data Fax SoftModem with SmartCP.txt
2008-12-04 22:44:25 ----D---- C:\WINDOWS\system32\dllcache
2008-12-04 22:44:25 ----D---- C:\Config.Msi
2008-12-04 21:51:15 ----SHD---- C:\WINDOWS\Installer
2008-12-03 22:27:44 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-03 22:27:41 ----RSD---- C:\WINDOWS\assembly
2008-12-03 21:34:49 ----A---- C:\WINDOWS\jedit.bat
2008-12-03 21:29:30 ----HD---- C:\WINDOWS\inf
2008-12-03 21:29:25 ----D---- C:\WINDOWS\system32\mui
2008-12-03 21:26:04 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2008-12-03 21:24:42 ----D---- C:\WINDOWS\WinSxS
2008-12-03 21:24:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 21:21:36 ----D---- C:\Program Files\Common Files
2008-12-03 21:16:36 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-03 21:16:31 ----D---- C:\WINDOWS\system32\en-us
2008-12-03 21:16:24 ----RSD---- C:\WINDOWS\Fonts
2008-12-03 21:12:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 21:11:29 ----D---- C:\Program Files\Internet Explorer
2008-12-03 18:39:18 ----D---- C:\Program Files\Torque
2008-12-03 11:40:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 20:59:50 ----RSH---- C:\boot.ini
2008-12-02 20:59:50 ----A---- C:\WINDOWS\win.ini
2008-12-02 20:59:50 ----A---- C:\WINDOWS\system.ini
2008-12-02 20:35:30 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
2008-12-02 20:16:46 ----D---- C:\WINDOWS\pss
2008-12-01 22:15:41 ----D---- C:\Program Files\Java
2008-12-01 14:20:15 ----D---- C:\WINDOWS\system32\config
2008-11-30 19:07:40 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2008-11-30 16:13:02 ----AC---- C:\WINDOWS\setuplog.txt
2008-11-29 18:23:07 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\gtk-2.0
2008-11-29 17:32:44 ----AC---- C:\WINDOWS\IE4 Error Log.txt
2008-11-24 15:09:44 ----A---- C:\WINDOWS\imsins.BAK
2008-11-24 15:07:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-23 15:02:30 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-23 14:23:42 ----D---- C:\WINDOWS\Help
2008-11-23 14:08:45 ----D---- C:\WINDOWS\Media
2008-11-21 10:02:31 ----SD---- C:\WINDOWS\Cookies
2008-11-20 19:24:15 ----D---- C:\WINDOWS\wt
2008-11-20 19:24:13 ----A---- C:\WINDOWS\WININIT.INI
2008-11-20 15:03:00 ----D---- C:\Program Files\Messenger
2008-11-20 09:45:22 ----D---- C:\WINDOWS\Downloaded Program Files
2008-11-20 09:21:10 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-20 02:00:39 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 X4HSX32;X4HSX32; \??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys [2005-07-01 43008]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-25 25280]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 winusb;WinUSB Service; C:\WINDOWS\system32\DRIVERS\WinUSB.SYS [2006-11-02 39368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva004;XDva004; \??\C:\WINDOWS\system32\XDva004.sys []
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva075;XDva075; \??\C:\WINDOWS\system32\XDva075.sys []
S3 XDva098;XDva098; \??\C:\WINDOWS\system32\XDva098.sys []
S3 XDva119;XDva119; \??\C:\WINDOWS\system32\XDva119.sys []
S3 XDva121;XDva121; \??\C:\WINDOWS\system32\XDva121.sys []
S3 XDva164;XDva164; \??\C:\WINDOWS\system32\XDva164.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2;Apache2; C:\Program Files\Apache Group\Apache2\bin\Apache.exe [2007-09-05 20541]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NtIrcd;NettalkIRCD; C:\Program Files\NettalkIRCD\NettalkIRCD.exe [2006-03-01 459776]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-30 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

And here's the info.txt log:


info.txt logfile of random's system information tool 1.04 2008-12-07 12:36:53

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec /X{45820070-9BE5-4785-B770-A50F5240250B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3B3B73D1-DC4A-4780-B0E4-E823D08B3397\Uninstall.exe"
530TX+-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
AGEIA PhysX v7.06.25-->MsiExec.exe /X{45820070-9BE5-4785-B770-A50F5240250B}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Apache HTTP Server 2.0.61-->MsiExec.exe /I{3A862C7D-0504-48BC-AEF8-7F7479C7C158}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AstroPop Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\997DD523-B925-4C73-970B-C201E8F781AD\Uninstall.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.3.5 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Barnyard Invasion from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\53474592-01BC-4338-8647-FE350957D912\Uninstall.exe"
Bejeweled 2 Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D84AC71A-75E8-4709-8BA5-4B46EAC00C5E\Uninstall.exe"
Blackhawk Striker 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe"
Blasterball 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Blasterball 2 Remix from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\Uninstall.exe"
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Boggle Supreme from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B\Uninstall.exe"
Bookworm Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E618FC78-EE4F-4243-8409-078EB5E0B1F6\Uninstall.exe"
Bounce Symphony from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Chuzzle Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9448DE42-C017-4A3E-A0BB-C50BF673E9E0\Uninstall.exe"
Compaq Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
Crystal Maze from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
Desktop Dot-->C:\WINDOWS\uninst.exe -f"C:\Program Files\RJL Software\Desktop Dot\DeIsL1.isu" -c"C:\Program Files\RJL Software\Desktop Dot\_ISREG32.DLL"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link PCI Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $D-Link
Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Family Feud-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BBE9E0F3-11F7-4424-9905-8E0153E872C1\Uninstall.exe"
FATE from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\85CF9BF3-1057-468C-962D-31BAABC6AC72\Uninstall.exe"
foobar2000 v0.9.5.1-->"C:\Program Files\foobar2000\uninstall.exe"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GameTap-->C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HolicUSA-->C:\Program Files\InstallShield Installation Information\{E12E647D-864B-4505-BFA7-03EFC1F3364F}\setup.exe -runfromtemp -l0x0009 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Support Overview-->"C:\WINDOWS\unins000.exe"
Icon Maker 1.0.0.0-->"C:\Program Files\AudioShareware.com\IconMaker\unins000.exe"
imgSeek (remove only)-->"C:\Program Files\imgSeek\uninstall.exe"
Inkscape 0.46-->C:\Program Files\Inkscape\Uninstall.exe
Insaniquarium Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 5--

Edited by kahdah, 07 December 2008 - 09:56 PM.

#4
I_Eat_Whole_Cows (Topic Starter)
And finally the GMER results:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-07 13:03:04
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\wuauclt.exe[1600] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00AF917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\system32\wuauclt.exe[1600] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00AFAFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\system32\wuauclt.exe[1600] ws2_32.dll!send 71AB428A 5 Bytes JMP 00AF933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\system32\wuauclt.exe[1600] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00AF96E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\system32\wuauclt.exe[1600] ws2_32.dll!recv 71AB615A 5 Bytes JMP 00AF98CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2080] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0412917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2080] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0412AFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2080] ws2_32.dll!send 71AB428A 5 Bytes JMP 0412933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2080] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 041296E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2080] ws2_32.dll!recv 71AB615A 5 Bytes JMP 041298CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2388] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 010D917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2388] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 010DAFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2388] WS2_32.dll!send 71AB428A 5 Bytes JMP 010D933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2388] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 010D96E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2388] WS2_32.dll!recv 71AB615A 5 Bytes JMP 010D98CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\ALCXMNTR.EXE[2516] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00F8917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\ALCXMNTR.EXE[2516] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00F8AFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\ALCXMNTR.EXE[2516] ws2_32.dll!send 71AB428A 5 Bytes JMP 00F8933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\ALCXMNTR.EXE[2516] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00F896E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\ALCXMNTR.EXE[2516] ws2_32.dll!recv 71AB615A 5 Bytes JMP 00F898CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\Explorer.EXE[2748] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0212917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\Explorer.EXE[2748] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0212AFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\Explorer.EXE[2748] WS2_32.dll!send 71AB428A 5 Bytes JMP 0212933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\Explorer.EXE[2748] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 021296E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\Explorer.EXE[2748] WS2_32.dll!recv 71AB615A 5 Bytes JMP 021298CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\HP\HP Software Update\HPwuSchd2.exe[2880] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008E917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\HP\HP Software Update\HPwuSchd2.exe[2880] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 008EAFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\HP\HP Software Update\HPwuSchd2.exe[2880] ws2_32.dll!send 71AB428A 5 Bytes JMP 008E933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\HP\HP Software Update\HPwuSchd2.exe[2880] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 008E96E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\HP\HP Software Update\HPwuSchd2.exe[2880] ws2_32.dll!recv 71AB615A 5 Bytes JMP 008E98CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text c:\windows\system\hpsysdrv.exe[2932] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D7917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text c:\windows\system\hpsysdrv.exe[2932] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D7AFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text c:\windows\system\hpsysdrv.exe[2932] ws2_32.dll!send 71AB428A 5 Bytes JMP 00D7933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text c:\windows\system\hpsysdrv.exe[2932] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00D796E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text c:\windows\system\hpsysdrv.exe[2932] ws2_32.dll!recv 71AB615A 5 Bytes JMP 00D798CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3060] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D6917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3060] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D6AFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3060] ws2_32.dll!send 71AB428A 5 Bytes JMP 00D6933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3060] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00D696E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3060] ws2_32.dll!recv 71AB615A 5 Bytes JMP 00D698CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3108] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 037C917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3108] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 037CAFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3108] ws2_32.dll!send 71AB428A 5 Bytes JMP 037C933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3108] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 037C96E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3108] ws2_32.dll!recv 71AB615A 5 Bytes JMP 037C98CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\system32\ctfmon.exe[3140] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00AF917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\system32\ctfmon.exe[3140] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00AFAFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\system32\ctfmon.exe[3140] ws2_32.dll!send 71AB428A 5 Bytes JMP 00AF933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\system32\ctfmon.exe[3140] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00AF96E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\system32\ctfmon.exe[3140] ws2_32.dll!recv 71AB615A 5 Bytes JMP 00AF98CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3264] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DE917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3264] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DEAFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3264] ws2_32.dll!send 71AB428A 5 Bytes JMP 00DE933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3264] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00DE96E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3264] ws2_32.dll!recv 71AB615A 5 Bytes JMP 00DE98CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\DNA\btdna.exe[3296] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0157917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\DNA\btdna.exe[3296] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0157AFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\DNA\btdna.exe[3296] WS2_32.dll!send 71AB428A 5 Bytes JMP 0157933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\DNA\btdna.exe[3296] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 015796E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\DNA\btdna.exe[3296] WS2_32.dll!recv 71AB615A 5 Bytes JMP 015798CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe[3304] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 003A917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe[3304] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 003AAFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe[3304] ws2_32.dll!send 71AB428A 5 Bytes JMP 003A933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe[3304] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 003A96E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe[3304] ws2_32.dll!recv 71AB615A 5 Bytes JMP 003A98CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3332] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 010F917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3332] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 010FAFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3332] ws2_32.dll!send 71AB428A 5 Bytes JMP 010F933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3332] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 010F96E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3332] ws2_32.dll!recv 71AB615A 5 Bytes JMP 010F98CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe[3452] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D5917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe[3452] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D5AFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe[3452] ws2_32.dll!send 71AB428A 5 Bytes JMP 00D5933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe[3452] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00D596E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe[3452] ws2_32.dll!recv 71AB615A 5 Bytes JMP 00D598CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3640] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0251917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3640] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0251AFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3640] ws2_32.dll!send 71AB428A 5 Bytes JMP 0251933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3640] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 025196E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3640] ws2_32.dll!recv 71AB615A 5 Bytes JMP 025198CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] WS2_32.dll!send 71AB428A 5 Bytes JMP 0170933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 017096E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] WS2_32.dll!recv 71AB615A 5 Bytes JMP 017098CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

---- Processes - GMER 1.0.14 ----

Process C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe (*** hidden *** ) 3304

---- Registry - GMER 1.0.14 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Smax4 "C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe"
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{45A9B10B-067B-2239-3E2D-D7064B4A2D3D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{45A9B10B-067B-2239-3E2D-D7064B4A2D3D}@eaajjamfhi 0x66 0x61 0x63 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{45A9B10B-067B-2239-3E2D-D7064B4A2D3D}@dadjgdaf 0x64 0x62 0x65 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{45A9B10B-067B-2239-3E2D-D7064B4A2D3D}@iailipflmpkmjaohko 0x6B 0x61 0x6D 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{45A9B10B-067B-2239-3E2D-D7064B4A2D3D}@hakkgfllmabehmbc 0x6B 0x61 0x6D 0x6B ...

---- EOF - GMER 1.0.14 ----
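Added example (editor's note, not GMER's code and not part of any post in this thread). Every ".text" record above has the same shape: a 5-byte JMP written over the first instruction of an exported API, redirecting into spcffwl.dll under Application Data\Google, with the same five APIs patched in every listed process, a hidden process in the same folder, and a Run value pointing at that process. The script below parses the hook, hidden-process and Reg records and groups the hooks by the DLL they jump into, so the pattern is stated rather than eyeballed. The API-to-purpose table and the "user-writable path" heuristic are the editor's assumptions, not something GMER reports: legitimate security products hook the same APIs, but from Program Files or system32, not from a profile directory.

```python
"""Group the user-mode inline hooks in a GMER log by the DLL that owns them."""
import re
from collections import defaultdict

# .text <process>[<pid>] <module>!<api> <addr> 5 Bytes JMP <target> <dll>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<api>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<dll>.+?)\s*$"
)
# Process <path> (*** hidden *** ) <pid>
HIDDEN_RE = re.compile(r"^Process\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+(?P<pid>\d+)\s*$")
# Reg <key>@<value> "<data>"
REG_RE = re.compile(r'^Reg\s+(?P<key>\S+)\s+"(?P<data>[^"]*)"\s*$')

# What hooking each API lets a rootkit do (editor's general knowledge, not taken from the log).
API_PURPOSE = {
    "NtEnumerateValueKey": "hide registry values, e.g. its own Run entry, from enumerators",
    "NtQuerySystemInformation": "hide processes from Task Manager and process listers",
    "send": "inspect or rewrite outbound socket data",
    "recv": "inspect or rewrite inbound socket data",
    "WSARecv": "inspect or rewrite inbound socket data (overlapped I/O)",
}
# Profile locations a legitimate hooking product (AV, firewall, HIPS) does not load from (assumption).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                         "\\local settings\\", "\\locals~1\\", "\\temp\\")


def is_user_writable(path):
    p = path.lower()
    return any(m in p for m in USER_WRITABLE_MARKERS)


def directory(path):
    return path.lower().rsplit("\\", 1)[0]


def triage(log_text):
    """Return hooks grouped by target DLL, hidden processes, and Run-key autostarts."""
    by_dll = defaultdict(lambda: {"apis": set(), "pids": set()})
    hidden, autostarts = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            by_dll[m["dll"]]["apis"].add(m["api"])
            by_dll[m["dll"]]["pids"].add(int(m["pid"]))
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden.append({"path": m["path"], "pid": int(m["pid"])})
            continue
        m = REG_RE.match(line)
        if m and "\\run@" in m["key"].lower():
            autostarts.append({"key": m["key"], "data": m["data"]})
    hooks = []
    for dll, e in by_dll.items():
        apis = sorted(e["apis"])
        hooks.append({
            "dll": dll,
            "apis": apis,
            "purposes": {a: API_PURPOSE.get(a, "unknown") for a in apis},
            "process_count": len(e["pids"]),
            "suspicious_path": is_user_writable(dll),
            # A hidden process in the same directory as the hooking DLL is its injector.
            "linked_hidden": [h for h in hidden if directory(h["path"]) == directory(dll)],
        })
    return {"hooks": hooks, "hidden_processes": hidden, "autostarts": autostarts}


# Constructed excerpt: a subset of the GMER records in this thread, unchanged in format.
SAMPLE_LOG = r"""
.text C:\WINDOWS\Explorer.EXE[2748] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0212917C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\Explorer.EXE[2748] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0212AFFC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\Explorer.EXE[2748] WS2_32.dll!send 71AB428A 5 Bytes JMP 0212933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\Explorer.EXE[2748] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 021296E4 C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\WINDOWS\Explorer.EXE[2748] WS2_32.dll!recv 71AB615A 5 Bytes JMP 021298CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] WS2_32.dll!send 71AB428A 5 Bytes JMP 0170933C C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3932] WS2_32.dll!recv 71AB615A 5 Bytes JMP 017098CC C:\Documents and Settings\Compaq_Owner\Application Data\Google\spcffwl.dll
Process C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe (*** hidden *** ) 3304
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Smax4 "C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe"
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for h in result["hooks"]:
        where = "user-writable path" if h["suspicious_path"] else "system path"
        print(f"{h['dll']}  ({h['process_count']} processes hooked, {where})")
        for api, why in h["purposes"].items():
            print(f"  {api}: {why}")
        for p in h["linked_hidden"]:
            print(f"  hidden process in same directory: {p['path']} (pid {p['pid']})")
    for a in result["autostarts"]:
        print(f"autostart {a['key']} -> {a['data']}")
```

Fed the full log instead of the excerpt, the single spcffwl.dll row grows to cover every hooked process while its API set stays the same five; firefox.exe, which only shows the socket hooks, is absorbed into that row rather than appearing as a second finding. The linked hidden process is the file to delete and the Run value is the persistence to remove, which is exactly the order the next post follows.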

#5 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

First, please go to Start, then Control Panel, then Add\Remove Programs and uninstall these below:

Advertisement Service
Relevant Knowledge


Then exit the add\remove programs list.
==============================
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe
C:\WINDOWS\system32\prunnet.exe 
C:\WINDOWS\system32\0bb8f311-.txt 

Folders to delete:
C:\Program Files\RelevantKnowledge

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log .

#6 I_Eat_Whole_Cows (Topic Starter, New Member, 5 posts)

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\prunnet.exe" not found!
Deletion of file "C:\WINDOWS\system32\prunnet.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\0bb8f311-.txt" deleted successfully.

Error: folder "C:\Program Files\RelevantKnowledge" not found!
Deletion of folder "C:\Program Files\RelevantKnowledge" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

And here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:43 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NettalkIRCD\NettalkIRCD.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\200863194326_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\20086319437_mcinfo.exe /insfin
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame....ch_USAv1002.cab
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NettalkIRCD (NtIrcd) - Nicolas Kruse - C:\Program Files\NettalkIRCD\NettalkIRCD.exe

--
End of file - 10185 bytes

#7 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\



Now click on Fix Checked and then close Hijackthis.
================
After that, reboot, post a new Hijackthis log and let me know if things are back to normal.
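Added example (editor's, not HijackThis code and not from any post in this thread). The four entries checked in post #7 fall into two classes: two orphans, where HJT itself reports "(file missing)" or "(no file)", and two RelevantKnowledge O20 entries, which are high-value because AppInit_DLLs is loaded into every process that loads user32.dll and Winlogon Notify packages are loaded by winlogon.exe at logon. The O4 [Smax4] entry in post #6's log is the third pattern worth a rule: an autostart whose executable sits under a user profile or Temp folder (Avenger deleted that file in post #6; the Run value is still listed). The script applies those three rules to HJT lines. Severity labels, the path heuristic and the reason text are the editor's assumptions; the AppInit_DLLs note relies only on Windows treating that value as a space- or comma-separated list.

```python
"""Flag the HijackThis entries a responder checks before clicking Fix Checked."""
import re

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<value>.+)$")
# First file path in a command line, quoted or not (8.3 short names are common in HJT logs).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js|lnk)\b', re.I)

# Profile locations a vendor's autostart would not normally point into (editor's assumption).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                         "\\local settings\\", "\\locals~1\\", "\\temp\\")


def is_user_writable(path):
    p = path.lower()
    return any(m in p for m in USER_WRITABLE_MARKERS)


def triage_hjt(log_text):
    """Return {line, severity, reason} findings, highest severity first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Orphans: HJT could not find the file, so nothing runs; removing the entry is cleanup only.
        if line.endswith("(file missing)") or line.endswith("(no file)"):
            findings.append({"line": line, "severity": "low",
                             "reason": "orphaned entry, referenced file does not exist"})
            continue
        m = O20_RE.match(line)
        if m:
            if m["kind"] == "AppInit_DLLs":
                reason = ("loaded into every process that loads user32.dll; the value is a space- or "
                          "comma-separated list, so a path containing spaces is ambiguous")
            else:
                reason = "Winlogon Notify package, loaded by winlogon.exe at every logon"
            findings.append({"line": line, "severity": "high", "reason": reason})
            continue
        m = O4_RE.match(line)
        if m:
            pm = PATH_RE.search(m["cmd"])
            if pm and is_user_writable(pm.group(0)):
                findings.append({"line": line, "severity": "high",
                                 "reason": f"autostart runs from a user-writable location: {pm.group(0)}"})
    order = {"high": 0, "low": 1}
    return sorted(findings, key=lambda f: order[f["severity"]])


# Constructed excerpt: a subset of the lines from the HJT log in post #6, unchanged in format.
SAMPLE_HJT = r"""
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\200863194326_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f['severity']}] {f['line']}\n        {f['reason']}")
```

The rules are deliberately narrow: a vendor path such as HPwuSchd2.exe or SetPoint.exe produces no finding, and an O4 entry that merely has an unfamiliar name is not flagged, because name alone proves nothing (the [Smax4] entry above borrows a SoundMAX-style name while pointing into Application Data, and it is the path, not the name, that gives it away). Entries the script does not flag still need a human look; the script exists to make sure the ones it does flag are never skipped.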

#8 I_Eat_Whole_Cows (Topic Starter, New Member, 5 posts)

So far everything's working great. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:42 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NettalkIRCD\NettalkIRCD.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\200863194326_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\20086319437_mcinfo.exe /insfin
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\Compaq_Owner\Application Data\Google\kjzna1562565.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame....ch_USAv1002.cab
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NettalkIRCD (NtIrcd) - Nicolas Kruse - C:\Program Files\NettalkIRCD\NettalkIRCD.exe

--
End of file - 9902 bytes

Edited by I_Eat_Whole_Cows, 07 December 2008 - 07:46 PM.

  • 0

#9
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, if you are not running an antivirus then do the following:

I will need you to download ONE of these anti-virus programs and install it.
These are free.
AVG free 8.0
Note this is free antispyware protection and Antivirus protection.

or

Antivir
this is just antivirus protection.
=====================
Cleanup:

Please download OTCleanIt from Here and save it to your desktop.
Double click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm.
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here.
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.
  • 0
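The Java cleanup steps in the reply above rely on eyeballing Add/Remove Programs for every leftover JRE. As an added check that is not part of the thread, this PowerShell script lists every Java entry registered in the standard Uninstall key so you can confirm only the newest install remains; it assumes 32-bit Windows XP (so only the native key, no Wow6432Node) and PowerShell 1.0 or later.

```powershell
# Added example, not from the thread: inventory every Java runtime that
# Add/Remove Programs knows about, so old vulnerable versions are not
# left behind before the current JRE is installed.
# Assumption: 32-bit Windows XP, so only the native Uninstall key exists.
$uninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

# Each subkey is one Add/Remove entry; read its values and keep the Java ones.
$javaEntries = Get-ChildItem $uninstallKey -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty $_.PSPath } |
    Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' }

if (-not $javaEntries) {
    Write-Host 'No Java entries are registered in Add/Remove Programs.'
} else {
    # One row per registered Java install: name, version and the command
    # Add/Remove Programs would run to uninstall it.
    $javaEntries |
        Select-Object DisplayName, DisplayVersion, UninstallString |
        Format-Table -AutoSize

    # After the cleanup steps, exactly one (current) entry should remain.
    $count = @($javaEntries).Count
    Write-Host "$count Java entry(s) registered; remove every one except the newest."
}
```

Run it before and after the Add/Remove pass; a second run that shows a single current entry confirms the older versions are really gone rather than just hidden in the list.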