
virus take over... can't open S&D, hijack, avg, etc...



#1 AE77surfer (Member, 47 posts)
So I have some sort of terrible virus takeover. Windows does not load in normal startup mode, so I am working in safe mode with networking. I can open and operate just about all my programs except the ones that deal with virus and spyware removal: Spybot S&D, HijackThis, AVG Antivirus. I did manage to get a Panda ActiveScan in and I'll post the results below. Thank you in advance for any help.
;*******************************************************************************
ANALYSIS: 2008-10-22 00:16:16
PROTECTIONS: 2
MALWARE: 64
SUSPECTS: 9
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Symantec Antivirus Corporate Edition 8.0 No Yes
Norton Antivirus Edition 7.5 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00027660 adware/savenow Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{389a5a59-1306-4389-a779-2eb9d0bc1ffb}
00027660 adware/savenow Adware No 0 Yes No hkey_classes_root\clsid\{389a5a59-1306-4389-a779-2eb9d0bc1ffb}
00027660 adware/savenow Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{20752c25-2d97-4e6f-9ee2-94b74d202875}
00027660 adware/savenow Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{711648f0-5ff5-4c81-805e-a1aedbab4951}
00041487 adware/webhancer Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
00041487 adware/webhancer Adware No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}
00041487 adware/webhancer Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}
00041487 adware/webhancer Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\webhancer agent
00041487 adware/webhancer Adware No 0 Yes No C:\Program Files\webHancer\Programs\webhdll.dll
00041487 adware/webhancer Adware No 0 Yes No c:\program files\webhancer
00041487 adware/webhancer Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\webhancer agent
00041487 adware/webhancer Adware No 0 Yes No hkey_classes_root\whiehelperobj.whiehelperobj.1
00041487 adware/webhancer Adware No 0 Yes No hkey_classes_root\whiehelperobj.whiehelperobj
00041487 adware/webhancer Adware No 0 Yes No hkey_classes_root\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
00041487 adware/webhancer Adware No 0 Yes No hkey_local_machine\software\webhancer
00041487 adware/webhancer Adware No 0 Yes No c:\program files\webhancer
00041487 adware/webhancer Adware No 0 Yes No hkey_classes_root\clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0}
00041487 adware/webhancer Adware No 0 Yes No hkey_local_machine\software\classes\whiehelperobj.whiehelperobj
00041487 adware/webhancer Adware No 0 Yes No hkey_local_machine\software\classes\whiehelperobj.whiehelperobj.1
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@trafficmp[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\lynda@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\lynda@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\lynda@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\lynda@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@mediaplex[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@com[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@hotlog[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\lynda@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@statcounter[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\lynda@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Clifford Martin\Cookies\clifford_martin@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\[email protected][1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\lynda@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Clifford Martin\Cookies\[email protected][3].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\[email protected][1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\[email protected][3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@zedo[1].txt
00173992 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\[email protected][2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@go[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@did-it[1].txt
00219235 Adware/CommAd Adware No 0 Yes No C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\asappsrv.dll
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\services\cmdservice
00219235 adware/commad Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\services\network monitor
00219235 adware/commad Adware No 0 Yes No c:\program files\network monitor
00219235 adware/commad Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}
00219235 adware/commad Adware No 0 Yes No c:\windows\uninstall_nmon.vbs
00219235 adware/commad Adware No 0 Yes No c:\documents and settings\drew\local settings\temp\cmdinst.exe
00219235 adware/commad Adware No 0 Yes No c:\windows\system32\atmtd.dll._
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\currentcontrolset\services\cmdservice
00219235 adware/commad Adware No 0 Yes No c:\windows\system32\atmtd.dll
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\currentcontrolset\services\network monitor
00219238 Adware/CommAd Adware No 0 Yes No C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\command.exe
00242996 Adware/CommAd Adware No 0 Yes No C:\Documents and Settings\DREW\Local Settings\Temp\cmdinst.exe
00250251 Adware/ISearch Adware No 0 Yes No C:\WINDOWS\SYSTEM32\mco2\ADI5MDi2.exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Clifford Martin\Cookies\clifford_martin@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Lynda\Cookies\lynda@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@atwola[1].txt
00262492 Adware/CommAd Adware No 0 Yes No C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\kZUDtAtSwAk0nqIVx35R.vbs
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Clifford Martin\Cookies\[email protected][1].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\[email protected][2].txt
00418007 Adware/XPAntiSpyware2009 Adware No 1 No No C:\Documents and Settings\DREW\Local Settings\Temp\Binaries1.cab2[XP_AntiSpyware.exe]
00418007 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe
00418646 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Program Files\XP_AntiSpyware\Uninstall.exe
00418646 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\WINDOWS\SYSTEM32\wini10801.exe
00421373 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\Program Files\XP_AntiSpyware\AVEngn.dll
00521370 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP290\A0028503.dll
02893773 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP290\A0028499.exe
02893774 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP290\A0028504.exe
02893775 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP290\A0028500.exe
02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Documents and Settings\DREW\Cookies\drew@adsrevenue[2].txt
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\WINDOWS\system32\Drivers\Beep.sys
02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys
02944473 Trj/Downloader.MDW Virus/Trojan No 1 Yes Yes C:\WINDOWS\SYSTEM32\pi\NTc326i.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\DREW\Local Settings\Temp\searsnet.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\webHancer\Programs\webhdll.dll
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\WINDOWS\SYSTEM32\nys3\iPU560I.exe[C:\WINDOWS\SYSTEM32\nys3\iPU560I.exe][webhdll.dll]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\DREW\Application Data\Microsoft\Windows\lsass.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\webHancer\Programs\webhdll.dll
03508074 Adware/Zenosearch Adware No 0 Yes No C:\WINDOWS\SYSTEM32\WS\WIE45V15.exe
03508074 Adware/Zenosearch Adware No 0 Yes No C:\WINDOWS\SYSTEM32\dwwnw64r.exe
03508074 Adware/Zenosearch Adware No 0 Yes No c:\windows\system32\rlwnw64o.exe
03548823 Adware/Zenosearch Adware No 0 Yes No C:\WINDOWS\SYSTEM32\kcntptdl.exe
03584928 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\webHancer\Programs\whiehlpr.dll
03584928 Generic Malware Virus/Trojan No 0 No No C:\WINDOWS\SYSTEM32\nys3\iPU560I.exe[C:\WINDOWS\SYSTEM32\nys3\iPU560I.exe][whiehlpr.dll]
03586664 Generic Malware Virus/Trojan No 0 No No C:\WINDOWS\SYSTEM32\nys3\iPU560I.exe[C:\WINDOWS\SYSTEM32\nys3\iPU560I.exe][whInstaller.exe]
03586664 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\webHancer\Programs\whinstaller.exe
03586803 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\webHancer\Programs\whagent.exe
03586803 Generic Malware Virus/Trojan No 0 No No C:\WINDOWS\SYSTEM32\nys3\iPU560I.exe[C:\WINDOWS\SYSTEM32\nys3\iPU560I.exe][whAgent.exe]
03600544 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\SYSTEM32\TDSSihyf.dll
03694716 Trj/Downloader.MDW Virus/Trojan No 1 Yes Yes C:\WINDOWS\SYSTEM32\karna.dat
03694716 Trj/Downloader.MDW Virus/Trojan No 1 Yes Yes C:\WINDOWS\karna.dat
03764686 Generic Malware Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\EV19\EV191065.exe
03781023 Adware/AccesMembre Adware No 0 Yes No C:\Documents and Settings\DREW\Local Settings\Temp\snapsnet.exe
03815692 Generic Rootkit HackTools No 0 Yes No C:\Documents and Settings\DREW\Local Settings\Temp\tniC01.tmp
03891799 Generic Malware Virus/Trojan No 0 Yes Yes C:\Program Files\XP_AntiSpyware\wscui.cpl
03891799 Generic Malware Virus/Trojan No 0 Yes Yes C:\WINDOWS\SYSTEM32\_scui.cpl
03894369 Generic Malware Virus/Trojan No 0 Yes Yes C:\temp\awmT251.exe
03899181 Generic Malware Virus/Trojan No 0 Yes Yes C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
;===============================================================================
SUSPECTS
Sent Location P
;===============================================================================
Yes C:\WINDOWS\system32\opnkljgd.dll P
Yes c:\windows\system32\brastk.exe P
Yes c:\windows\system32\prun.exe P
Yes C:\Documents and Settings\DREW\Application Data\Facegame\Facegame.exe P
Yes C:\Documents and Settings\DREW\Local Settings\Temp\prun.exe P
Yes C:\WINDOWS\brastk.exe P
Yes C:\WINDOWS\SYSTEM32\brastk.exe P
Yes C:\WINDOWS\SYSTEM32\opnkljgd.dll P
Yes C:\WINDOWS\SYSTEM32\prun.exe P
;===============================================================================
VULNERABILITIES
Id Severity Description P
;===============================================================================
;===============================================================================

Edited by AE77surfer, 22 October 2008 - 09:43 AM.


#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello AE77surfer

Welcome to G2Go. :)
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


#3 AE77surfer (Topic Starter, Member, 47 posts)
Logfile of random's system information tool 1.04 (written by random/random)
Run by DREW at 2008-10-22 12:30:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (41%) free of 73 GB
Total RAM: 510 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:48 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DREW\Desktop\RSIT.exe
C:\Documents and Settings\DREW\Desktop\hijack this\DREW.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {30f614db-2d56-5bda-f994-e600dcf73cf0} - {0fc37fcd-006e-499f-adb5-65d2bd416f03} - C:\WINDOWS\system32\bnqana.dll
O2 - BHO: (no name) - {76C91DB7-0DBA-42DC-BF60-2C58FE418DC4} - C:\WINDOWS\system32\ddcyVLfg.dll
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\system32\opnkljgd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{74-46-68-82-DW}] C:\windows\system32\rlwnw64o.exe DWmmm01
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\DREW\Application Data\Microsoft\Windows\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\kcntptdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rlwnw64o.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157903837077
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\karna.dat
O20 - Winlogon Notify: opnkljgd - C:\WINDOWS\SYSTEM32\opnkljgd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7128 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan for DREW.job
C:\WINDOWS\tasks\quxwjmhh.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fc37fcd-006e-499f-adb5-65d2bd416f03}]
C:\WINDOWS\system32\bnqana.dll [2008-10-22 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76C91DB7-0DBA-42DC-BF60-2C58FE418DC4}]
C:\WINDOWS\system32\ddcyVLfg.dll [2008-10-21 313344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E91EF7B-6846-45C3-A8AB-67CF7C900783}]
C:\WINDOWS\system32\opnkljgd.dll [2008-10-20 104448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"{74-46-68-82-DW}"=C:\windows\system32\rlwnw64o.exe [2008-10-20 200725]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-10-22 10240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Lsass Service"=C:\Documents and Settings\DREW\Application Data\Microsoft\Windows\lsass.exe [2008-10-20 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Aim6"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32.EXE /S CTASIO.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-09-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtxfiReg]
CTXFIREG.exe /FAIL0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 EPSON Stylus CX5400 /O6 USB001 /M Stylus CX5400 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2006-07-29 5354792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2003-07-13 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-01-01 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VeohHide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2003-10-07 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-01-15 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
C:\PROGRA~1\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 1527808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
C:\PROGRA~1\WIFICO~1\NINTEN~1.EXE [2006-11-16 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DREW^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
C:\DOCUME~1\ALLUSE~1\APPLIC~1\IWINGA~1\DESKTO~1\DESKTO~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DREW^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\DOCUME~1\Lynda\Desktop\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3
"WZCSVC"=2
"WudfSvc"=3
"wscsvc"=2
"WMPNetworkSvc"=3
"WmiApSrv"=3
"Wmi"=3
"WmdmPmSN"=3
"WMDM PMSP Service"=2
"winmgmt"=2
"WebClient"=2
"w32time"=2
"VSS"=3
"Viewpoint Manager Service"=2
"usnsvc"=3
"UPS"=3
"upnphost"=3
"TrkWks"=2
"Themes"=2
"TermService"=3
"TapiSrv"=3
"SysmonLog"=3
"SwPrv"=3
"stisvc"=2
"SSDPSRV"=3
"srservice"=2
"Spooler"=2
"ShellHWDetection"=2
"SharedAccess"=2
"SENS"=2
"seclogon"=2
"Schedule"=2
"SCardSvr"=3
"SamSs"=2
"RSVP"=3
"RemoteRegistry"=2
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"ProtectedStorage"=2
"PolicyAgent"=2
"PlugPlay"=2
"ose"=3
"NtmsSvc"=3
"NtLmSsp"=3
"Norton AntiVirus Server"=2
"Nla"=3
"Network Monitor"=2
"NetSvc"=3
"Netman"=3
"Netlogon"=3
"napagent"=3
"MSIServer"=3
"MSDTC"=3
"mnmsrvc"=3
"MDM"=2
"LmHosts"=2
"lanmanworkstation"=2
"lanmanserver"=2
"iPod Service"=3
"ImapiService"=3
"IDriverT"=3
"HTTPFilter"=3
"hkmsvc"=3
"helpsvc"=2
"gusvc"=3
"Fax"=2
"FastUserSwitchingCompatibility"=3
"EventSystem"=3
"Eventlog"=2
"ERSvc"=2
"EapHost"=3
"DSBrokerService"=3
"Dot3svc"=3
"Dnscache"=2
"dmserver"=3
"dmadmin"=3
"Dhcp"=2
"DefWatch"=2
"CryptSvc"=2
"Creative Service for CDROM Access"=2
"COMSysApp"=3
"cmdService"=2
"CiSvc"=3
"Browser"=2
"BITS"=3
"AVG Anti-Spyware Guard"=2
"AudioSrv"=2
"Ati HotKey Poller"=2
"aspnet_state"=3
"AppMgmt"=3
"Apple Mobile Device"=2
"ALG"=3

C:\Documents and Settings\DREW\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\SYSTEM32\kcntptdl.exe
DW_Start.lnk - C:\WINDOWS\SYSTEM32\rlwnw64o.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2003-10-07 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkljgd]
C:\WINDOWS\system32\opnkljgd.dll [2008-10-20 104448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{9E91EF7B-6846-45C3-A8AB-67CF7C900783}"=C:\WINDOWS\system32\opnkljgd.dll [2008-10-20 104448]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ddcyVLfg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSpxfe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSpxfe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Autorun.exe"="D:\Autorun.exe:*:Enabled:CD navigator"
"C:\Documents and Settings\DREW\Desktop\ZSNESW.EXE"="C:\Documents and Settings\DREW\Desktop\ZSNESW.EXE:*:Enabled:ZSNESW"
"C:\Program Files\iTunes.exe"="C:\Program Files\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe"="C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96af424c-b576-11da-b7f4-00111135afe4}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-10-22 12:30:32 ----D---- C:\rsit
2008-10-22 02:40:18 ----SH---- C:\WINDOWS\system32\jrqvpcwy.ini
2008-10-22 02:40:14 ----A---- C:\WINDOWS\system32\ywcpvqrj.dll
2008-10-22 02:37:14 ----A---- C:\WINDOWS\system32\bnqana.dll
2008-10-22 02:37:14 ----A---- C:\WINDOWS\system32\aywmoffc.dll
2008-10-22 00:24:05 ----D---- C:\WINDOWS\LastGood.Tmp
2008-10-22 00:24:05 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 02:56:51 ----D---- C:\Program Files\Panda Security
2008-10-21 02:38:03 ----SH---- C:\WINDOWS\system32\sekfuevg.ini
2008-10-21 02:38:00 ----A---- C:\WINDOWS\system32\gveufkes.dll
2008-10-21 02:35:03 ----A---- C:\WINDOWS\system32\vninoe.dll
2008-10-21 02:35:02 ----A---- C:\WINDOWS\system32\aeajsxax.dll
2008-10-21 02:31:58 ----ASH---- C:\WINDOWS\system32\gfLVycdd.ini2
2008-10-21 02:31:58 ----ASH---- C:\WINDOWS\system32\gfLVycdd.ini
2008-10-21 02:31:53 ----A---- C:\WINDOWS\system32\ddcyVLfg.dll
2008-10-21 02:29:09 ----DC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-20 17:35:58 ----SH---- C:\WINDOWS\system32\xikwrruc.ini
2008-10-20 17:35:54 ----A---- C:\WINDOWS\system32\currwkix.dll
2008-10-20 17:30:33 ----A---- C:\Documents and Settings\All Users\Application Data\lehasus.vbs
2008-10-20 17:30:33 ----A---- C:\Documents and Settings\All Users\Application Data\bytypigo.vbs
2008-10-20 17:30:00 ----A---- C:\WINDOWS\system32\kyfgpv.dll
2008-10-20 17:29:59 ----A---- C:\WINDOWS\system32\gpmemmrs.dll
2008-10-20 17:29:40 ----D---- C:\Program Files\XP_AntiSpyware
2008-10-20 17:28:45 ----A---- C:\WINDOWS\system32\1f048253-.txt
2008-10-20 17:26:53 ----ASH---- C:\WINDOWS\system32\pYFhOqru.ini2
2008-10-20 17:26:53 ----ASH---- C:\WINDOWS\system32\pYFhOqru.ini
2008-10-20 17:26:48 ----A---- C:\WINDOWS\system32\urqOhFYp.dll
2008-10-20 17:22:25 ----A---- C:\WINDOWS\system32\wini10801.exe
2008-10-20 17:22:18 ----A---- C:\WINDOWS\system32\rlwnw64o.exe
2008-10-20 17:17:19 ----A---- C:\WINDOWS\system32\atmtd.dll._
2008-10-20 17:17:19 ----A---- C:\WINDOWS\system32\atmtd.dll
2008-10-20 17:16:56 ----A---- C:\WINDOWS\brastk.exe
2008-10-20 17:15:09 ----A---- C:\WINDOWS\system32\g48.exe
2008-10-20 17:14:11 ----D---- C:\Program Files\Network Monitor
2008-10-20 17:14:11 ----A---- C:\WINDOWS\uninstall_nmon.vbs
2008-10-20 17:14:08 ----SHD---- C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu
2008-10-20 17:14:07 ----A---- C:\WINDOWS\system32\delself.bat
2008-10-20 17:13:58 ----A---- C:\WINDOWS\system32\brastk.exe
2008-10-20 17:13:52 ----A---- C:\WINDOWS\system32\dwwnw64r.exe
2008-10-20 17:13:11 ----D---- C:\Documents and Settings\DREW\Application Data\Facegame
2008-10-20 17:12:57 ----D---- C:\WINDOWS\system32\WS
2008-10-20 17:12:57 ----D---- C:\WINDOWS\system32\pi
2008-10-20 17:12:57 ----D---- C:\WINDOWS\system32\nys3
2008-10-20 17:12:57 ----D---- C:\WINDOWS\system32\mco2
2008-10-20 17:12:39 ----N---- C:\WINDOWS\system32\opnkljgd.dll
2008-10-20 17:12:36 ----D---- C:\WINDOWS\system32\EV19
2008-10-20 17:08:51 ----A---- C:\WINDOWS\system32\TDSSdxgp.dll
2008-10-20 17:08:50 ----A---- C:\WINDOWS\system32\TDSSnpur.dll
2008-10-20 17:08:49 ----A---- C:\WINDOWS\system32\TDSSyoqm.dll
2008-10-20 17:08:48 ----A---- C:\WINDOWS\system32\TDSSarxx.dll
2008-10-20 17:08:44 ----A---- C:\WINDOWS\system32\TDSSoitu.dll
2008-10-14 20:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 20:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 20:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 20:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 20:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-07 22:59:41 ----D---- C:\Documents and Settings\DREW\Application Data\acccore
2008-10-07 22:59:25 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-10-07 22:59:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-10-07 22:58:34 ----D---- C:\Program Files\Common Files\Nullsoft
2008-10-07 22:58:04 ----D---- C:\Program Files\Common Files\AOL
2008-10-07 22:57:58 ----D---- C:\Program Files\AIM6
2008-10-07 22:57:01 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-10-07 22:56:58 ----A---- C:\WINDOWS\atid.ini
2008-10-03 13:39:25 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-03 13:39:25 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)

======List of files/folders modified in the last 1 months======

2008-10-22 12:14:27 ----D---- C:\WINDOWS\SYSTEM32
2008-10-22 12:08:07 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-10-22 12:01:31 ----D---- C:\WINDOWS\system32\DRIVERS
2008-10-22 00:48:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-22 00:43:18 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-22 00:42:27 ----RD---- C:\Program Files
2008-10-22 00:24:06 ----D---- C:\WINDOWS
2008-10-21 23:14:08 ----D---- C:\temp
2008-10-21 21:37:05 ----D---- C:\WINDOWS\TEMP
2008-10-21 14:40:46 ----D---- C:\Program Files\Internet Explorer
2008-10-21 13:20:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-21 13:19:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-21 13:16:34 ----D---- C:\Program Files\Common Files
2008-10-21 13:12:17 ----SHD---- C:\WINDOWS\CSC
2008-10-21 13:07:19 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2008-10-21 02:56:51 ----HD---- C:\WINDOWS\INF
2008-10-21 02:36:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 17:39:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-20 17:39:30 ----RASH---- C:\BOOT.INI
2008-10-20 17:39:30 ----N---- C:\WINDOWS\SYSTEM.INI
2008-10-20 17:39:30 ----A---- C:\WINDOWS\WIN.INI
2008-10-20 17:22:16 ----D---- C:\WINDOWS\Prefetch
2008-10-20 17:12:57 ----SD---- C:\WINDOWS\Tasks
2008-10-19 18:00:02 ----D---- C:\Program Files\Norton Security Scan
2008-10-18 00:08:51 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-18 00:06:42 ----SHD---- C:\WINDOWS\Installer
2008-10-18 00:06:42 ----D---- C:\Config.Msi
2008-10-15 11:40:36 ----D---- C:\Program Files\PokerStars
2008-10-14 20:14:09 ----D---- C:\Program Files\AIM
2008-10-14 20:07:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-14 20:07:48 ----A---- C:\WINDOWS\imsins.BAK
2008-10-08 23:16:50 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-07 23:16:16 ----D---- C:\Program Files\Viewpoint
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-23 00:32:29 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-07-28 28352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-05-20 21035]
S2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
S2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
S3 afxbya4p;afxbya4p; C:\WINDOWS\system32\drivers\afxbya4p.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-26 729600]
S3 catchme;catchme; \??\C:\DOCUME~1\DREW\LOCALS~1\Temp\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2006-08-11 502272]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2006-08-11 7168]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2006-08-11 143872]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2006-08-11 78336]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2006-08-11 766976]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2006-08-11 154112]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
S3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
S3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
S3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081019.003\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081019.003\NAVEX15.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
S3 pohci13F;pohci13F; \??\C:\DOCUME~1\DREW\LOCALS~1\Temp\pohci13F.sys []
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-03-19 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-26 397312]
S2 cmdService;Command Service; C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\command.exe [2005-08-02 293888]
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
S2 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-10-07 32768]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 Network Monitor;Network Monitor; C:\Program Files\Network Monitor\netmon.exe service []
S2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-10-07 647168]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
#4
AE77surfer (Topic Starter)
info.txt logfile of random's system information tool 1.04 2008-10-22 12:30:54

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Ahead Nero Burning ROM-->C:\Program Files\nero\nero\uninstall\UNNERO.exe /UNINSTALL
AIM 6.0-->C:\Program Files\AIM6\uninst.exe
AIM 6-->C:\Program Files\AIM6\uninst.exe
AngelPotion Video Codec V1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AngelPotion Video Codec V1\Uninst.isu"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery Media Software 32 bit-->C:\WINDOWS\MVUNINST\App1\unwise.exe C:\WINDOWS\MVUNINST\APP1\INSTALL.LOG "Avery Media Software Uninstall"
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MX310 series User Registration-->C:\Program Files\Canon\IJEREG\MX310 series\UNINST.EXE
Canon MX310 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2811B04D-5AAB-4117-8FF8-79529D54634F}
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C05E2D43-A05F-4835-A15C-CD0AD1576506}
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Command-->wscript "C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\kZUDtAtSwAk0nqIVx35R.vbs"
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Deewoo Network Manager removal-->C:\WINDOWS\SYSTEM32\kcntptdl.exe -UPop
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Garmin WebUpdater-->MsiExec.exe /X{996EC44B-38E1-4898-8E47-3EE3D15F2712}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2-->"C:\Documents and Settings\DREW\Desktop\hijack this\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
Network Monitor-->wscript "C:\WINDOWS\uninstall_nmon.vbs"
Nintendo Wi-Fi USB Connector Registration Tool-->C:\Program Files\WiFiConnector\SoftAPUninst.exe
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanSoft OmniPage SE 4-->MsiExec.exe /I{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\setup.exe" -l0x9
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XP Antispyware 2009-->C:\Program Files\XP_AntiSpyware\Uninstall.exe
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.amaena.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
  • 0

#5
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

  • 0

#6
AE77surfer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
ComboFix 08-10-21.05 - DREW 2008-10-22 12:43:12.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.262 [GMT -4:00]
Running from: C:\Documents and Settings\DREW\Desktop\notComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\DREW\Application Data\Microsoft\Windows\lsass.exe
C:\Documents and Settings\DREW\Local Settings\Temporary Internet Files\fakef._dl
C:\Documents and Settings\DREW\Local Settings\Temporary Internet Files\fbk.sts
C:\Documents and Settings\DREW\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\DREW\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\DREW\Start Menu\Programs\XP_AntiSpyware
C:\Documents and Settings\DREW\Start Menu\Programs\XP_AntiSpyware\Uninstall.lnk
C:\Documents and Settings\DREW\Start Menu\Programs\XP_AntiSpyware\XP_AntiSpyware.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\network monitor
C:\Program Files\XP_AntiSpyware
C:\Program Files\XP_AntiSpyware\AVEngn.dll
C:\Program Files\XP_AntiSpyware\data\daily.cvd
C:\Program Files\XP_AntiSpyware\htmlayout.dll
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\XP_AntiSpyware\pthreadVC2.dll
C:\Program Files\XP_AntiSpyware\Uninstall.exe
C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\brastk.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\karna.dat
C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\
C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\\asappsrv.dll
C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\\command.exe
C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\\kZUDtAtSwAk0nqIVx35R.vbs
C:\WINDOWS\Q2xpZmZvcmQgTWFydGlu\command.exe
C:\WINDOWS\system32\aeajsxax.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\aywmoffc.dll
C:\WINDOWS\system32\bnqana.dll
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\currwkix.dll
C:\WINDOWS\system32\ddcyVLfg.dll
C:\WINDOWS\system32\DelSelf.bat
C:\WINDOWS\system32\dwwnw64r.exe
C:\WINDOWS\SYSTEM32\gfLVycdd.ini
C:\WINDOWS\SYSTEM32\gfLVycdd.ini2
C:\WINDOWS\system32\gpmemmrs.dll
C:\WINDOWS\system32\gveufkes.dll
C:\WINDOWS\SYSTEM32\jrqvpcwy.ini
C:\WINDOWS\system32\karna.dat
C:\WINDOWS\system32\kyfgpv.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nbspdubm.ini
C:\WINDOWS\system32\opnkljgd.dll
C:\WINDOWS\SYSTEM32\pYFhOqru.ini
C:\WINDOWS\SYSTEM32\pYFhOqru.ini2
C:\WINDOWS\system32\rlwnw64o.exe
C:\WINDOWS\system32\sekfuevg.ini
C:\WINDOWS\system32\urqOhFYp.dll
C:\WINDOWS\system32\vninoe.dll
C:\WINDOWS\system32\wini10801.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xikwrruc.ini
C:\WINDOWS\system32\ywcpvqrj.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\Tasks\quxwjmhh.job
C:\WINDOWS\uninstall_nmon.vbs

----- BITS: Possible infected sites -----

hxxp://niheradomen.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_TDSSSERV
-------\Service_cmdService
-------\Service_Network Monitor
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.

2008-10-22 12:30 . 2008-10-22 12:30 <DIR> d-------- C:\rsit
2008-10-22 00:24 . 2008-10-22 00:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 02:57 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-10-21 02:56 . 2008-10-21 02:56 <DIR> d-------- C:\Program Files\Panda Security
2008-10-21 02:29 . 2008-10-21 02:29 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-20 17:30 . 2008-10-20 17:30 19,710 --a------ C:\Documents and Settings\All Users\Application Data\lehasus.vbs
2008-10-20 17:30 . 2008-10-20 17:30 19,037 --a------ C:\WINDOWS\SYSTEM32\iwilogu.inf
2008-10-20 17:30 . 2008-10-20 17:30 18,768 --a------ C:\WINDOWS\ajuv.reg
2008-10-20 17:30 . 2008-10-20 17:30 18,551 --a------ C:\Documents and Settings\All Users\Application Data\egesy.pif
2008-10-20 17:30 . 2008-10-20 17:30 17,591 --a------ C:\WINDOWS\toqasu.db
2008-10-20 17:30 . 2008-10-20 17:30 17,351 --a------ C:\Documents and Settings\All Users\Application Data\omynu.pif
2008-10-20 17:30 . 2008-10-20 17:30 15,870 --a------ C:\Documents and Settings\All Users\Application Data\ataxidob.bin
2008-10-20 17:30 . 2008-10-20 17:30 14,681 --a------ C:\Documents and Settings\DREW\Application Data\favisev.pif
2008-10-20 17:30 . 2008-10-20 17:30 14,251 --a------ C:\Documents and Settings\All Users\Application Data\zigeqavyxa.scr
2008-10-20 17:30 . 2008-10-20 17:30 13,858 --a------ C:\Program Files\Common Files\etamox.sys
2008-10-20 17:30 . 2008-10-20 17:30 13,166 --a------ C:\Documents and Settings\All Users\Application Data\bytypigo.vbs
2008-10-20 17:15 . 2008-10-20 17:15 153,475 --a------ C:\WINDOWS\SYSTEM32\g48.exe
2008-10-20 17:13 . 2008-10-20 17:13 <DIR> d-------- C:\Documents and Settings\DREW\Application Data\Facegame
2008-10-20 17:12 . 2008-10-20 17:12 <DIR> d-------- C:\WINDOWS\SYSTEM32\WS
2008-10-20 17:12 . 2008-10-22 00:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\pi
2008-10-20 17:12 . 2008-10-20 17:12 <DIR> d-------- C:\WINDOWS\SYSTEM32\nys3
2008-10-20 17:12 . 2008-10-20 17:12 <DIR> d-------- C:\WINDOWS\SYSTEM32\mco2
2008-10-20 17:12 . 2008-10-22 00:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\EV19
2008-10-20 17:12 . 2008-10-20 17:12 <DIR> d-------- C:\temp\xp34
2008-10-20 17:08 . 2008-10-20 17:08 77,824 --a------ C:\WINDOWS\SYSTEM32\TDSSnpur.dll
2008-10-20 17:08 . 2008-10-20 17:08 61,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\TDSSpxfe.sys
2008-10-20 17:08 . 2008-10-20 17:08 36,864 --a------ C:\WINDOWS\SYSTEM32\TDSSoitu.dll
2008-10-20 17:08 . 2008-10-20 17:08 31,232 --a------ C:\WINDOWS\SYSTEM32\TDSSyoqm.dll
2008-10-20 17:08 . 2008-10-20 17:08 29,696 --a------ C:\WINDOWS\SYSTEM32\TDSSarxx.dll
2008-10-20 17:08 . 2008-10-21 13:07 3,530 --a------ C:\WINDOWS\SYSTEM32\TDSSdxgp.dll
2008-10-20 17:08 . 2008-10-20 17:08 164 --a------ C:\WINDOWS\SYSTEM32\TDSSmtpe.dat
2008-10-14 17:47 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-14 17:46 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-14 17:46 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-14 17:46 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-14 17:46 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-14 17:46 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-07 22:59 . 2008-10-07 22:59 <DIR> d-------- C:\Documents and Settings\DREW\Application Data\acccore
2008-10-07 22:59 . 2008-10-07 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-10-07 22:59 . 2008-10-07 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-10-07 22:58 . 2008-10-07 22:58 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-10-07 22:58 . 2008-10-14 20:14 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-10-07 22:57 . 2008-10-14 02:46 <DIR> d-------- C:\Program Files\AIM6
2008-10-07 22:57 . 2008-10-14 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-10-07 22:57 . 2008-10-07 22:57 335 --a------ C:\WINDOWS\nsreg.dat
2008-10-07 22:56 . 2008-10-14 02:46 3,234 --ah----- C:\IPH.PH
2008-10-07 22:56 . 2008-10-07 22:56 29 --a------ C:\WINDOWS\atid.ini
2008-10-03 13:39 . 2008-10-03 13:39 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-03 13:39 . 2008-10-03 13:39 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 04:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-21 06:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 21:30 18,179 ----a-w C:\Program Files\Common Files\yjoneqa._sy
2008-10-20 21:30 11,853 ----a-w C:\Program Files\Common Files\aqidis.ban
2008-10-19 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-10-18 04:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-15 15:40 --------- d-----w C:\Program Files\PokerStars
2008-10-15 00:14 --------- d-----w C:\Program Files\AIM
2008-10-09 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-08 03:16 --------- d-----w C:\Program Files\Viewpoint
2008-09-19 19:29 --------- d-----w C:\Documents and Settings\DREW\Application Data\LimeWire
2008-09-11 07:06 --------- d-----w C:\Program Files\iWin.com
2008-09-11 07:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 06:59 --------- d-----w C:\Program Files\DeadFrontierNightOne_at
2008-09-11 06:59 --------- d-----w C:\Program Files\Creative
2008-09-11 06:52 --------- d-----w C:\Program Files\Ares
2008-09-11 06:51 --------- d-----w C:\Program Files\Bigfish Games Miss Management
2008-09-11 06:48 --------- d-----w C:\Program Files\Absolute Poker
2008-09-11 06:37 --------- d-----w C:\Program Files\Sonic
2008-09-11 06:32 --------- d-----w C:\Program Files\Yahoo!
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 01:55 --------- d-----w C:\Documents and Settings\DREW\Application Data\Azureus
2008-09-06 04:07 --------- d-----w C:\Program Files\Azureus
2008-08-29 17:00 --------- d-----w C:\Documents and Settings\DREW\Application Data\NewSoft
2008-08-24 03:38 --------- d-----w C:\Program Files\QuickScan
2008-08-22 04:00 --------- d-----w C:\Documents and Settings\DREW\Application Data\Move Networks
2008-07-30 14:47 643,072 ----a-w C:\Program Files\iPodUpdaterExt.dll
2008-07-30 14:47 5,824 ----a-w C:\Program Files\About iTunes.rtf
2008-07-30 14:47 438,272 ----a-w C:\Program Files\CDDBControlApple.dll
2008-07-30 14:47 289,064 ----a-w C:\Program Files\iTunesHelper.exe
2008-07-30 14:47 283,136 ----a-w C:\Program Files\iTunesOutlookAddIn.dll
2008-07-30 14:47 20,252,968 ----a-w C:\Program Files\iTunes.exe
2008-07-30 14:47 172,544 ----a-w C:\Program Files\iTunesPhotoSupport.dll
2008-07-30 14:47 132,392 ----a-w C:\Program Files\iTunesMiniPlayer.dll
2008-07-30 14:47 116,008 ----a-w C:\Program Files\ITDetector.ocx
2008-07-30 14:47 108,328 ----a-w C:\Program Files\iTunesAdmin.dll
2008-07-30 14:44 8,356 ----a-w C:\Program Files\Acknowledgements.rtf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSpxfe.sys]
@="driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^DREW^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=C:\Documents and Settings\DREW\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^DREW^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\DREW\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 21:50 1603152 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 21:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
--a------ 2002-09-30 02:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2002-10-29 10:18 49152 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 06:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 12:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 21:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 19:34 5354792 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 02:49 155648 C:\WINDOWS\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 12:02 79400 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-04-13 04:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-16 10:54 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-01-01 04:46 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 08:18 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2003-10-07 12:39 90112 C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 18:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
--a------ 2006-08-11 14:45 74752 C:\WINDOWS\SYSTEM32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 14:56 18944 C:\WINDOWS\SYSTEM32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtxfiReg]
--a------ 2006-08-11 14:53 42496 C:\WINDOWS\SYSTEM32\CTXFIREG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"w32time"=2 (0x2)
"VSS"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"usnsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Norton AntiVirus Server"=2 (0x2)
"Nla"=3 (0x3)
"Network Monitor"=2 (0x2)
"NetSvc"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"DefWatch"=2 (0x2)
"CryptSvc"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"COMSysApp"=3 (0x3)
"cmdService"=2 (0x2)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"AudioSrv"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\DREW\\Desktop\\ZSNESW.EXE"=
"C:\\Program Files\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 pohci13F;pohci13F;C:\DOCUME~1\DREW\LOCALS~1\Temp\pohci13F.sys [ ]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96af424c-b576-11da-b7f4-00111135afe4}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-20 C:\WINDOWS\Tasks\Norton Security Scan for DREW.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0fc37fcd-006e-499f-adb5-65d2bd416f03} - C:\WINDOWS\system32\bnqana.dll
BHO-{76C91DB7-0DBA-42DC-BF60-2C58FE418DC4} - C:\WINDOWS\system32\ddcyVLfg.dll
BHO-{9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\system32\opnkljgd.dll
HKCU-Run-Aim6 - (no file)
HKLM-Run-{74-46-68-82-DW} - C:\windows\system32\rlwnw64o.exe
HKLM-Run-1427462d - C:\WINDOWS\system32\ywcpvqrj.dll
HKU-Default-Run-brastk - C:\WINDOWS\system32\brastk.exe
HKLM-Explorer_Run-Lsass Service - C:\Documents and Settings\DREW\Application Data\Microsoft\Windows\lsass.exe
ShellExecuteHooks-{9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\system32\opnkljgd.dll
MSConfigStartUp-AGEIA PhysX SysTray - C:\Program Files\AGEIA Technologies\TrayIcon.exe
MSConfigStartUp-ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exe
MSConfigStartUp-DellSupport - C:\Program Files\Dell Support\DSAgnt.exe
MSConfigStartUp-dla - C:\WINDOWS\system32\dla\tfswctrl.exe
MSConfigStartUp-EPSON Stylus CX5400 - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
MSConfigStartUp-Orb - C:\Program Files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-Steam - C:\Valve\Steam\Steam.exe
MSConfigStartUp-UpdateManager - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
MSConfigStartUp-Veoh - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 12:54:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1140] 0x822B8BC8

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Lsass Service = C:\Documents and Settings\DREW\Application Data\Microsoft\Windows\lsass.exe????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-22 13:05:12 - machine was rebooted [DREW]
ComboFix-quarantined-files.txt 2008-10-22 17:05:01

Pre-Run: 31,332,818,944 bytes free
Post-Run: 30,994,268,160 bytes free

470 --- E O F --- 2008-10-15 00:08:00
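Reading a ComboFix log by hand is error-prone, so here is an added example (my own code, not ComboFix's and not something the posters ran) that walks a ComboFix-style log and flags the same kinds of entries the log above turns up: a Policies\Explorer\Run autostart pointing at an lsass.exe in the user profile, a driver entry under SafeBoot\Minimal, Security Center notifications switched off, the XP firewall disabled, a driver loaded from a Temp folder, and an AutoRun command on a removable drive. SAMPLE_LOG is constructed for the example and modelled on lines in this thread; it is not new log data.

```python
"""Offline triage of ComboFix-style log excerpts (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Core Windows binaries that only belong under %SystemRoot%\system32.
CORE_BINARIES = {"lsass.exe", "csrss.exe", "services.exe", "smss.exe", "winlogon.exe", "svchost.exe"}

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
# ComboFix driver/service lines: "<start> <service>;<description>;<path> [<date> <size>]"
DRIVER_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")

# Constructed sample, modelled on the log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Lsass Service"="C:\Documents and Settings\DREW\Application Data\Microsoft\Windows\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSpxfe.sys]
@="driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
S3 pohci13F;pohci13F;C:\DOCUME~1\DREW\LOCALS~1\Temp\pohci13F.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96af424c-b576-11da-b7f4-00111135afe4}]
\Shell\AutoRun\command - F:\setupSNK.exe
"""


@dataclass
class Finding:
    kind: str
    detail: str


def _path_from_value(value: str) -> str:
    """Strip the trailing '[date size]' ComboFix appends and the surrounding quotes."""
    return re.sub(r"\s*\[[^\]]*\]\s*$", "", value.strip()).strip('"')


def _int_value(value: str) -> Optional[int]:
    """Read 'dword:00000001' or '0 (0x0)' style values as an int."""
    v = value.strip()
    if v.lower().startswith("dword:"):
        return int(v[6:], 16)
    m = re.match(r"-?\d+", v)
    return int(m.group(0)) if m else None


def _core_name_outside_system32(path: str) -> bool:
    """A file named like a core binary but living outside system32 is an impostor."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name in CORE_BINARIES and "\\system32\\" not in path.lower()


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            # ComboFix hides default entries, so anything shown under SafeBoot\Minimal
            # is an addition; a *.sys key there keeps a driver loading even in Safe Mode.
            if "\\safeboot\\minimal\\" in section.lower():
                findings.append(Finding("safeboot_entry", section.rsplit("\\", 1)[-1]))
            continue
        m = DRIVER_RE.match(line)
        if m:
            path, stamp = m.group("path"), m.group("stamp").strip()
            if "\\temp\\" in path.lower() or not stamp:
                findings.append(Finding("driver_from_temp_or_missing", f"{m.group('svc')} -> {path}"))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(Finding("autorun_mountpoint", m.group("cmd")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        low = section.lower()
        path = _path_from_value(value)
        if low.endswith("policies\\explorer\\run"):
            # Policy Run keys are not shown by msconfig, a favourite place to hide an autostart.
            findings.append(Finding("policy_run", f"{name} -> {path}"))
        if low.endswith("security center") and name.endswith("DisableNotify") and _int_value(value) == 1:
            findings.append(Finding("security_center_notify_off", name))
        if "firewallpolicy\\standardprofile" in low and name == "EnableFirewall" and _int_value(value) == 0:
            findings.append(Finding("firewall_off", section))
        if _core_name_outside_system32(path):
            findings.append(Finding("core_name_outside_system32", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.detail}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()`; on the sample it reports eight findings, two of them for the single "Lsass Service" entry (one because it sits in a policy Run key, one because the file is named lsass.exe but is not in system32).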

#7
AE77surfer (Topic Starter)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:57 PM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DREW\Desktop\hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157903837077
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6687 bytes

#8
kahdah (Retired Staff)

Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo.com/forum/virus-take-over-can-t-open-SandD-hijack-avg-etc-t215328.html#entry1357695

Collect::
C:\Documents and Settings\All Users\Application Data\lehasus.vbs
C:\WINDOWS\SYSTEM32\iwilogu.inf
C:\WINDOWS\ajuv.reg
C:\Documents and Settings\All Users\Application Data\egesy.pif
C:\WINDOWS\toqasu.db
C:\Documents and Settings\All Users\Application Data\omynu.pif
C:\Documents and Settings\All Users\Application Data\ataxidob.bin
C:\Documents and Settings\DREW\Application Data\favisev.pif
C:\Documents and Settings\All Users\Application Data\zigeqavyxa.scr
C:\Program Files\Common Files\etamox.sys
C:\Documents and Settings\All Users\Application Data\bytypigo.vbs
C:\WINDOWS\SYSTEM32\g48.exe
C:\WINDOWS\SYSTEM32\TDSSnpur.dll
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSpxfe.sys
C:\WINDOWS\SYSTEM32\TDSSoitu.dll
C:\WINDOWS\SYSTEM32\TDSSyoqm.dll
C:\WINDOWS\SYSTEM32\TDSSarxx.dll
C:\WINDOWS\SYSTEM32\TDSSdxgp.dll
C:\WINDOWS\SYSTEM32\TDSSmtpe.dat
C:\Program Files\Common Files\yjoneqa._sy
C:\Program Files\Common Files\aqidis.ban

Folder::
C:\WINDOWS\SYSTEM32\WS
C:\WINDOWS\SYSTEM32\pi
C:\WINDOWS\SYSTEM32\nys3
C:\WINDOWS\SYSTEM32\mco2
C:\WINDOWS\SYSTEM32\EV19
C:\temp\xp34

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Lsass Service"=-

Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

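ComboFix does not complain about a malformed Registry:: block, it simply does nothing for that key, so it is worth checking a CFScript before dragging it onto ComboFix.exe. The following is an added example (my own code, not ComboFix's and not from anyone in this thread) that lints a CFScript.txt: it knows the Collect::, Folder:: and Registry:: directives used above plus File:: and Driver::, which I am assuming to be the other common ones; it checks that Collect::/File::/Folder:: entries are absolute drive paths, that Registry:: keys start from a real hive (a key directly under HKLM can only be SOFTWARE, SYSTEM, SAM, SECURITY or HARDWARE), and that value names sit in matching double quotes. SAMPLE_SCRIPT is constructed for the example and deliberately carries two such slips.

```python
"""Lint a ComboFix CFScript.txt before running it (added example, not ComboFix code)."""
import re
from typing import List, Tuple

# Assumption: the common directive set; the thread itself uses the first three.
KNOWN_DIRECTIVES = {"Collect::", "File::", "Folder::", "Registry::", "Driver::"}
ROOT_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM", "HKLM": "HKLM",
    "HKEY_CURRENT_USER": "HKCU", "HKCU": "HKCU",
    "HKEY_USERS": "HKU", "HKU": "HKU",
    "HKEY_CLASSES_ROOT": "HKCR", "HKCR": "HKCR",
}
HKLM_TOP = {"software", "system", "sam", "security", "hardware"}  # the only keys directly under HKLM
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample with two slips: a key path missing Software\ and mismatched quotes.
SAMPLE_SCRIPT = r"""
Collect::
C:\WINDOWS\SYSTEM32\TDSSnpur.dll
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSpxfe.sys

Folder::
C:\WINDOWS\SYSTEM32\WS

Registry::
[HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
'Lsass Service"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Lsass Service"=-
"""


def _check_registry_line(line: str) -> List[str]:
    """Return problems with one line of a Registry:: block (REGEDIT4-style syntax)."""
    m = KEY_RE.match(line)
    if m:
        parts = m.group("key").split("\\")
        root = ROOT_ALIASES.get(parts[0].upper())
        if root is None:
            return [f"unknown registry root {parts[0]}"]
        if root == "HKLM" and len(parts) > 1 and parts[1].lower() not in HKLM_TOP:
            return [f"{parts[1]} is not directly under HKLM (missing Software\\?)"]
        if root == "HKCU" and len(parts) > 1 and parts[1].lower() == "microsoft":
            return ["Microsoft is under HKCU\\Software, not directly under HKCU"]
        return []
    if line.startswith("["):
        return ["key line is not closed with ]"]
    if line.startswith("@=") or VALUE_RE.match(line):
        return []  # default value, or a properly quoted value name
    if "=" in line:
        return [f"value name must be in matching double quotes: {line}"]
    return [f"unrecognised line in Registry:: block: {line}"]


def lint_cfscript(text: str) -> List[Tuple[int, str]]:
    """Return (line number, message) pairs; an empty list means the script parses cleanly."""
    problems: List[Tuple[int, str]] = []
    directive = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            directive = line
            if line not in KNOWN_DIRECTIVES:
                problems.append((no, f"unknown directive {line}"))
            continue
        if directive is None:
            problems.append((no, "content before any directive"))
        elif directive in ("Collect::", "File::", "Folder::"):
            if not DRIVE_PATH_RE.match(line):
                problems.append((no, f"{directive} entry is not an absolute drive path: {line}"))
        elif directive == "Registry::":
            problems.extend((no, msg) for msg in _check_registry_line(line))
    return problems


if __name__ == "__main__":
    for no, msg in lint_cfscript(SAMPLE_SCRIPT):
        print(f"line {no}: {msg}")
```

Point it at a real script with `lint_cfscript(open("CFScript.txt").read())`; on the sample it reports line 10 (Microsoft is not directly under HKLM) and line 11 (the value name is not in matching double quotes), and nothing once both are corrected.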

#9
AE77surfer (Topic Starter)

ComboFix 08-10-21.05 - DREW 2008-10-22 14:04:14.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.250 [GMT -4:00]
Running from: C:\Documents and Settings\DREW\Desktop\notComboFix.exe
Command switches used :: C:\Documents and Settings\DREW\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ataxidob.bin
C:\Documents and Settings\All Users\Application Data\bytypigo.vbs
C:\Documents and Settings\All Users\Application Data\egesy.pif
C:\Documents and Settings\All Users\Application Data\lehasus.vbs
C:\Documents and Settings\All Users\Application Data\omynu.pif
C:\Documents and Settings\All Users\Application Data\zigeqavyxa.scr
C:\Documents and Settings\DREW\Application Data\favisev.pif
C:\Program Files\Common Files\aqidis.ban
C:\Program Files\Common Files\etamox.sys
C:\Program Files\Common Files\yjoneqa._sy
C:\temp\xp34
C:\WINDOWS\ajuv.reg
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSpxfe.sys
C:\WINDOWS\SYSTEM32\EV19
C:\WINDOWS\SYSTEM32\g48.exe
C:\WINDOWS\SYSTEM32\iwilogu.inf
C:\WINDOWS\SYSTEM32\mco2
C:\WINDOWS\SYSTEM32\mco2\ADI5MDi2.exe
C:\WINDOWS\SYSTEM32\nys3
C:\WINDOWS\SYSTEM32\nys3\iPU560I.exe
C:\WINDOWS\SYSTEM32\pi
C:\WINDOWS\SYSTEM32\TDSSarxx.dll
C:\WINDOWS\SYSTEM32\TDSSdxgp.dll
C:\WINDOWS\SYSTEM32\TDSSmtpe.dat
C:\WINDOWS\SYSTEM32\TDSSnpur.dll
C:\WINDOWS\SYSTEM32\TDSSoitu.dll
C:\WINDOWS\SYSTEM32\TDSSyoqm.dll
C:\WINDOWS\SYSTEM32\WS
C:\WINDOWS\SYSTEM32\WS\WIE45V15.exe
C:\WINDOWS\toqasu.db

.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.

2008-10-22 12:30 . 2008-10-22 12:30 <DIR> d-------- C:\rsit
2008-10-22 00:24 . 2008-10-22 00:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 02:57 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-10-21 02:56 . 2008-10-21 02:56 <DIR> d-------- C:\Program Files\Panda Security
2008-10-21 02:29 . 2008-10-21 02:29 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-20 17:13 . 2008-10-20 17:13 <DIR> d-------- C:\Documents and Settings\DREW\Application Data\Facegame
2008-10-14 17:47 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-14 17:46 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-14 17:46 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-14 17:46 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-14 17:46 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-14 17:46 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-07 22:59 . 2008-10-07 22:59 <DIR> d-------- C:\Documents and Settings\DREW\Application Data\acccore
2008-10-07 22:59 . 2008-10-07 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-10-07 22:59 . 2008-10-07 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-10-07 22:58 . 2008-10-07 22:58 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-10-07 22:58 . 2008-10-14 20:14 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-10-07 22:57 . 2008-10-14 02:46 <DIR> d-------- C:\Program Files\AIM6
2008-10-07 22:57 . 2008-10-14 02:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-10-07 22:57 . 2008-10-07 22:57 335 --a------ C:\WINDOWS\nsreg.dat
2008-10-07 22:56 . 2008-10-14 02:46 3,234 --ah----- C:\IPH.PH
2008-10-07 22:56 . 2008-10-07 22:56 29 --a------ C:\WINDOWS\atid.ini
2008-10-03 13:39 . 2008-10-03 13:39 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-03 13:39 . 2008-10-03 13:39 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 04:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-21 06:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-19 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-10-18 04:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-15 15:40 --------- d-----w C:\Program Files\PokerStars
2008-10-15 00:14 --------- d-----w C:\Program Files\AIM
2008-10-09 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-08 03:16 --------- d-----w C:\Program Files\Viewpoint
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-19 19:29 --------- d-----w C:\Documents and Settings\DREW\Application Data\LimeWire
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-11 07:06 --------- d-----w C:\Program Files\iWin.com
2008-09-11 07:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 06:59 --------- d-----w C:\Program Files\DeadFrontierNightOne_at
2008-09-11 06:59 --------- d-----w C:\Program Files\Creative
2008-09-11 06:52 --------- d-----w C:\Program Files\Ares
2008-09-11 06:51 --------- d-----w C:\Program Files\Bigfish Games Miss Management
2008-09-11 06:48 --------- d-----w C:\Program Files\Absolute Poker
2008-09-11 06:37 --------- d-----w C:\Program Files\Sonic
2008-09-11 06:32 --------- d-----w C:\Program Files\Yahoo!
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 01:55 --------- d-----w C:\Documents and Settings\DREW\Application Data\Azureus
2008-09-06 04:07 --------- d-----w C:\Program Files\Azureus
2008-08-29 17:00 --------- d-----w C:\Documents and Settings\DREW\Application Data\NewSoft
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-24 03:38 --------- d-----w C:\Program Files\QuickScan
2008-08-24 03:37 15,200 ----a-w C:\WINDOWS\SYSTEM32\jjstm.dll
2008-08-23 05:56 635,848 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-22 04:00 --------- d-----w C:\Documents and Settings\DREW\Application Data\Move Networks
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-07-30 14:47 643,072 ----a-w C:\Program Files\iPodUpdaterExt.dll
2008-07-30 14:47 5,824 ----a-w C:\Program Files\About iTunes.rtf
2008-07-30 14:47 438,272 ----a-w C:\Program Files\CDDBControlApple.dll
2008-07-30 14:47 289,064 ----a-w C:\Program Files\iTunesHelper.exe
2008-07-30 14:47 283,136 ----a-w C:\Program Files\iTunesOutlookAddIn.dll
2008-07-30 14:47 20,252,968 ----a-w C:\Program Files\iTunes.exe
2008-07-30 14:47 172,544 ----a-w C:\Program Files\iTunesPhotoSupport.dll
2008-07-30 14:47 132,392 ----a-w C:\Program Files\iTunesMiniPlayer.dll
2008-07-30 14:47 116,008 ----a-w C:\Program Files\ITDetector.ocx
2008-07-30 14:47 108,328 ----a-w C:\Program Files\iTunesAdmin.dll
2008-07-30 14:44 8,356 ----a-w C:\Program Files\Acknowledgements.rtf
2007-04-23 18:21 269,824 ----a-w C:\WINDOWS\INF\WG111v3\Vista64\wg111v3.sys
2007-04-23 18:11 224,896 ----a-w C:\WINDOWS\INF\WG111v3\wg111v3.sys
2006-12-15 15:30 98,304 ----a-w C:\WINDOWS\INF\WG111v3\UScanM.exe
2006-12-15 15:30 66,048 ----a-w C:\WINDOWS\INF\WG111v3\EAPPkt.sys
2006-12-15 15:30 315,392 ----a-w C:\WINDOWS\INF\WG111v3\InstallDriver.exe
2006-12-15 15:30 28,672 ----a-w C:\WINDOWS\INF\WG111v3\SetDrv.exe
2006-12-15 15:30 212,992 ----a-w C:\WINDOWS\INF\WG111v3\CopyWHQLDriver.exe
2006-12-15 15:30 20,480 ----a-w C:\WINDOWS\INF\WG111v3\RTWUPath.exe
2006-12-15 15:30 19,968 ----a-w C:\WINDOWS\INF\WG111v3\RTWREFU.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSpxfe.sys]
@="driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=C:\WINDOWS\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^DREW^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=C:\Documents and Settings\DREW\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^DREW^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\DREW\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 21:50 1603152 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 21:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
--a------ 2002-09-30 02:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2002-10-29 10:18 49152 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 06:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 12:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 21:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 19:34 5354792 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 02:49 155648 C:\WINDOWS\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 12:02 79400 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-04-13 04:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-16 10:54 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-01-01 04:46 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 08:18 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2003-10-07 12:39 90112 C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 18:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
--a------ 2006-08-11 14:45 74752 C:\WINDOWS\SYSTEM32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 14:56 18944 C:\WINDOWS\SYSTEM32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtxfiReg]
--a------ 2006-08-11 14:53 42496 C:\WINDOWS\SYSTEM32\CTXFIREG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"w32time"=2 (0x2)
"VSS"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"usnsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Norton AntiVirus Server"=2 (0x2)
"Nla"=3 (0x3)
"Network Monitor"=2 (0x2)
"NetSvc"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"DefWatch"=2 (0x2)
"CryptSvc"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"COMSysApp"=3 (0x3)
"cmdService"=2 (0x2)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"AudioSrv"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\DREW\\Desktop\\ZSNESW.EXE"=
"C:\\Program Files\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 pohci13F;pohci13F;C:\DOCUME~1\DREW\LOCALS~1\Temp\pohci13F.sys [ ]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96af424c-b576-11da-b7f4-00111135afe4}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-20 C:\WINDOWS\Tasks\Norton Security Scan for DREW.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 14:06:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
Completion time: 2008-10-22 14:09:17
ComboFix-quarantined-files.txt 2008-10-22 18:08:39
ComboFix2.txt 2008-10-22 17:05:13

Pre-Run: 31,240,167,424 bytes free
Post-Run: 31,242,104,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

373 --- E O F --- 2008-10-15 00:08:00
  • 0
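A small checker that pulls the protection-tampering indicators out of a ComboFix log like the one above, as an added example that is not part of this thread or of ComboFix: it parses the bracketed registry sections, the R0/S3 driver lines and the mountpoints2 AutoRun entry, and flags Security Center notifications switched off, the firewall disabled, a driver registered from a Temp folder and the removable-drive AutoRun. The log excerpt is copied from the post above; the regexes, function names and finding labels are my own.

```python
import re

# Constructed sample input: an excerpt copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
S3 pohci13F;pohci13F;C:\DOCUME~1\DREW\LOCALS~1\Temp\pohci13F.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96af424c-b576-11da-b7f4-00111135afe4}]
\Shell\AutoRun\command - F:\setupSNK.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                   # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:)?([0-9a-fA-F]+)')    # "name"=dword:0001 / "name"= 0 (0x0)
DRIVER_RE = re.compile(r"^([RS]\d) [^;]+;[^;]*;(.+?) \[(.*)\]$")     # R0 name;display;path [date size]
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")

def parse_log(log):
    """Split a ComboFix-style dump into registry values, drivers and AutoRun commands."""
    values, drivers, autoruns, key = {}, [], [], None
    for line in log.splitlines():
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif (m := VALUE_RE.match(line)) and key:
            values[(key, m.group(1))] = int(m.group(2), 16)  # dword text is hexadecimal
        elif m := DRIVER_RE.match(line):
            drivers.append((m.group(2), m.group(3).strip()))  # (path, "date size" or "")
        elif (m := AUTORUN_RE.match(line)) and key and "mountpoints2" in key:
            autoruns.append(m.group(1))
    return values, drivers, autoruns

def audit(log):
    """Return (finding_id, detail) pairs for the protection-tampering signs in the log."""
    values, drivers, autoruns = parse_log(log)
    findings = []
    for (key, name), val in values.items():
        if key.endswith("security center") and name.endswith("DisableNotify") and val == 1:
            findings.append(("security_center_alerts_suppressed", name))
        if key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and val == 0:
            findings.append(("firewall_disabled", key))
    for path, meta in drivers:  # a driver from a per-user Temp folder with no file metadata is out of place
        if "\\temp\\" in path.lower() or not meta:
            findings.append(("driver_from_temp_or_missing_file", path))
    for cmd in autoruns:  # an AutoRun handler on a removable drive re-infects from the drive itself
        findings.append(("removable_drive_autorun", cmd))
    return findings
```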

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===========================
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
====================
3. Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0


#11
AE77surfer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

10/22/2008 9:12:32 PM
mbam-log-2008-10-22 (21-12-32).txt

Scan type: Quick Scan
Objects scanned: 56055
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Clifford Martin\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\DREW\Application Data\Facegame (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DREW\Start Menu\Programs\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Clifford Martin\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Clifford Martin\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\DREW\Application Data\Facegame\Facegame.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DREW\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Documents and Settings\DREW\Desktop\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\DREW\Application Data\Microsoft\Internet Explorer\Quick Launch\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
  • 0

#12
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok, great. Please proceed with the other scan. Thank you.
  • 0

#13
AE77surfer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Ok, sorry for the delay. I've tried to run the Kaspersky scanner several times over the last few days and it has never gotten past 50%, so last night I tried to restart in safe mode with networking and now my internet connections don't work. There is nothing in My Network Places and nothing in the Device Manager. I know the internet is connecting to the computer because I'm on a laptop running off my wireless connection. So if you could please help, it would be much appreciated. Thanks again... Also, when I restart the computer normally it gives me the option to load XP or Windows Recovery Console; not sure if that means anything or not.

Edited by AE77surfer, 27 October 2008 - 03:54 PM.

  • 0

#14
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Did your computer happen to install any updates?
Service Pack 3 maybe?
  • 0

#15
AE77surfer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Definitely installed updates, not sure about SP 3 though. How do I check?
  • 0





