#1
New Member
Join Date: Jan 2008
Posts: 12
Help please. Spybot is telling me I have a SmitFraud infection and Spyware Doctor says I have a rootkit infection. I have an HJT log, please help:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:52 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.w-w-w-dot-com.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: (no name) - {A2B0F6B3-77FF-4BD6-8B44-50242E7592FE} - blank (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.293.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.293.EXE (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149659173625
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jibtzrwq - d3dimb.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10497 bytes

#2
New Member
Join Date: Jan 2008
Posts: 12
I installed and ran ComboFix like I've seen mentioned in some similar situations.
ComboFix 08-01-23.2 - AuVergne Maynard 2008-01-23 21:57:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.457 [GMT -8:00]
Running from: D:\ComboFix(3).exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.

2008-01-23 22:07 . 2008-01-23 22:07 <DIR> d-------- C:\Temp\tn3
2008-01-23 18:02 . 2008-01-23 18:02 451 --a------ C:\fixME.reg
2008-01-23 17:45 . 2008-01-23 17:45 100 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-01-23 17:06 . 2008-01-23 17:06 <DIR> d-------- C:\Program Files\winvi
2008-01-23 17:06 . 2008-01-23 17:06 6,229,291 --a------ C:\WINDOWS\system32\SBSP.dat
2008-01-23 14:22 . 2008-01-23 14:23 <DIR> d-------- C:\Program Files\SpywareRemover
2008-01-23 13:54 . 2008-01-23 21:43 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-23 13:22 . 2008-01-23 22:04 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-23 12:27 . 2008-01-23 12:27 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-22 22:41 . 2008-01-22 22:41 <DIR> d-------- C:\Program Files\Free Internet TV
2008-01-22 14:55 . 2008-01-23 17:58 <DIR> d-------- C:\Program Files\PopupDummy!
2008-01-22 13:38 . 2008-01-23 17:06 642 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-22 13:33 . 2008-01-22 13:33 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-01-22 13:31 . 2008-01-22 13:31 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-22 03:27 . 2008-01-22 05:48 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-01-22 01:38 . 2008-01-22 01:38 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-21 23:21 . 2008-01-22 05:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-21 23:21 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-21 23:21 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-21 23:21 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-21 23:21 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-21 11:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 01:23 . 2008-01-22 20:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 01:13 . 2008-01-21 01:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-20 00:20 . 2008-01-23 13:07 721 --a------ C:\WINDOWS\wininit.ini
2008-01-19 22:21 . 2008-01-19 22:21 <DIR> d-------- C:\Program Files\CleanMyPC Popup Blocker
2008-01-19 21:49 . 2008-01-19 21:51 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-19 21:04 . 2008-01-19 21:04 86,144 --a------ C:\WINDOWS\system32\drivers\tcpip66.sys
2008-01-18 09:02 . 2008-01-22 20:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-18 09:02 . 2008-01-18 09:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-01 22:54 . 2008-01-01 22:57 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-01 22:50 . 2008-01-01 22:50 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-28 10:18 . 2007-12-28 10:18 8,429 --a------ C:\FIVEHEARTBEATS_1.MDS
2007-12-28 09:46 . 2007-12-28 10:18 8,193,845,248 --a------ C:\FIVEHEARTBEATS_1.ISO
2007-12-25 18:13 . 2007-12-25 18:13 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-25 18:12 . 2007-12-25 18:12 <DIR> d-------- C:\Program Files\iolo
2007-12-25 18:12 . 2008-01-11 10:31 437,096 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-12-25 18:12 . 2007-11-20 22:34 35,840 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-12-25 18:12 . 2007-12-14 17:13 23,040 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-12-25 17:08 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-25 17:08 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-12-25 17:08 . 2003-03-31 04:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2007-12-25 17:08 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-25 17:08 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-25 17:08 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-25 17:08 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-25 17:06 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-25 17:05 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-12-25 17:04 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-25 17:03 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-12-25 17:02 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2007-12-25 17:01 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2007-12-25 17:00 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2007-12-25 16:59 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2007-12-25 16:58 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2007-12-25 16:57 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2007-12-25 16:56 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-12-25 16:55 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-12-25 16:54 . 2003-03-31 04:00 195,618 --a--c--- C:\WINDOWS\system32\dllcache\c_10002.nls
2007-12-25 16:53 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-12-25 16:52 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 20:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 09:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 05:49 --------- d-----w C:\Program Files\Yahoo!
2008-01-20 05:49 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-19 22:02 --------- d-----w C:\Program Files\Siber Systems
2008-01-13 08:18 --------- d-----w C:\Program Files\QuickTime
2007-12-26 13:05 --------- d-----w C:\Program Files\WinISO
2007-12-26 13:05 --------- d-----w C:\Program Files\Hide IP Platinum
2007-12-26 13:05 --------- d-----w C:\Program Files\eMule
2007-12-26 13:05 --------- d-----w C:\Program Files\Apple Software Update
2007-12-26 13:05 --------- d-----w C:\Program Files\AIM
2007-12-22 03:27 --------- d-----w C:\Program Files\Microsoft Broadband Networking
2007-12-21 20:34 --------- d-----w C:\Program Files\CCleaner
2007-12-19 08:24 --------- d-----w C:\Program Files\XviD
2007-03-05 08:10 21,731,328 ----a-w C:\Program Files\Chore Genie 2.0.msi
2007-03-05 08:09 4,187 ----a-w C:\Program Files\0x0409.ini
2006-03-12 03:57 582,216 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2006-03-12 00:15 9,237,456 ----a-w C:\Program Files\MsnSearchToolbarSetup_en-us.exe
2006-03-12 00:03 5,175,696 ----a-w C:\Program Files\Firefox Setup 1.5.0.1.exe
2005-12-06 02:28 916,806 ----a-w C:\Program Files\Dec2005_MDX1_x86.cab
2005-12-06 02:28 86,925 ----a-w C:\Program Files\Oct2005_xinput_x64.cab
2005-12-06 02:28 46,247 ----a-w C:\Program Files\Oct2005_xinput_x86.cab
2005-12-06 02:28 41,888 ----a-w C:\Program Files\dxdllreg_x86.cab
2005-12-06 02:28 3,673,932 ----a-w C:\Program Files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 02:28 1,358,864 ----a-w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2005-12-06 02:27 1,080,344 ----a-w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2005-12-06 02:00 976,020 ----a-w C:\Program Files\BDAXP.cab
2005-12-06 02:00 81,092 ----a-w C:\Program Files\dxupdate.cab
2005-12-06 02:00 74,448 ----a-w C:\Program Files\DSETUP.dll
2005-12-06 02:00 703,080 ----a-w C:\Program Files\BDA.cab
2005-12-06 02:00 484,560 ----a-w C:\Program Files\DXSETUP.exe
2005-12-06 02:00 2,247,888 ----a-w C:\Program Files\dsetup32.dll
2005-12-06 02:00 15,493,481 ----a-w C:\Program Files\DirectX.cab
2005-12-06 02:00 13,265,040 ----a-w C:\Program Files\dxnt.cab
2005-12-06 02:00 1,351,430 ----a-w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-12-06 02:00 1,348,242 ----a-w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2005-12-06 02:00 1,336,890 ----a-w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2005-12-06 02:00 1,248,387 ----a-w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2005-12-06 02:00 1,156,363 ----a-w C:\Program Files\BDANT.cab
2005-12-06 02:00 1,079,850 ----a-w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2005-12-06 02:00 1,078,532 ----a-w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2005-12-06 02:00 1,065,813 ----a-w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2005-12-06 02:00 1,014,113 ----a-w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2004-06-21 06:12 1,433,902 ----a-w C:\Program Files\UltraVNC-100-RC18-Setup.exe
2003-03-31 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2B0F6B3-77FF-4BD6-8B44-50242E7592FE}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 15:58 68856]
"SpywareRemover"="C:\Program Files\SpywareRemover\SpywareRemover.exe" [2008-01-23 13:17 15766768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 21:03 579072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-22 22:44 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 21:03 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}\_18be6784.exe [2006-03-11 15:06:20 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jibtzrwq]
d3dimb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HPAiODevice(hp officejet 7100 series) - 1.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HPAiODevice(hp officejet 7100 series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet 7100 series) - 1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^AuVergne Maynard^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^AuVergne Maynard^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\AuVergne Maynard\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 07:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2005-08-30 17:05 344064 C:\WINDOWS\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
--a------ 2005-08-17 13:06 457216 C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 18:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2007-11-05 23:31 791792 C:\Program Files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2007-03-16 06:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eamonn]
C:\Program Files\Eamonn\bin\Eamonn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro]
--a------ 2007-05-29 00:27 516096 C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 19:01 50792 C:\Program Files\Common Files\AOL\1142121342\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2007-12-10 14:53 1103752 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-14 09:00 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-01-23 14:44 101136 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-01-23 14:44 101136 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-06-23 10:33 438359 C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiRes]
--------- 2005-06-07 14:16 54272 C:\Program Files\MultiRes\MultiRes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayPal Virtual Debit Card]
C:\PROGRA~1\PayPal\PAYPAL~1\OToolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
--a------ 2006-11-16 11:42 183367 C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopupDummy!]
--a------ 2007-04-01 12:23 2555904 C:\Program Files\PopupDummy!\PopupDummy! 3.293.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
--a------ 2008-01-22 01:18 92160 C:\Program Files\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
--a------ 2007-12-21 15:30 698864 C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2001-07-03 09:11 57344 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 17:20 20058152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
--a------ 2008-01-11 10:30 832360 C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-06-21 14:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-23 15:58 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a------ 2008-01-22 03:29 1046688 C:\Program Files\TrojanHunter 5.0\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
C:\Program Files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
C:\Program Files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2006-02-01 17:33 1880064 C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 09:38 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 13:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TivoBeacon2"=2 (0x2)
"gusvc"=3 (0x3)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-22 13:33]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.sys [2005-07-31 06:08]
R1 tcpip66;tcpip66;C:\WINDOWS\system32\drivers\tcpip66.sys [2008-01-19 21:04]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2006-08-09 14:57]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S2 DCSPGSRV;DiamondCS ProcessGuard Service v3.410;"C:\Program Files\ProcessGuard\dcsuserprot.exe" []
S2 kfxkvgza;Microsoft System Management BIOS Controller;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kfxkvgza

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3796576-c92c-11dc-a7cd-00508d548f38}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 07:54:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 18:31:40 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-01-22 23:29:00 C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1142119369.job"
- C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe:-I
"2008-01-24 06:08:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-24 06:10:08 C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job"
- C:\Program Files\SpywareRemover\SpywareRemover.ex
- C:\Program Files\SpywareRemover
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 22:08:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
#3
New Member
Join Date: Jan 2008
Posts: 12
Deckard's System Scanner v20071014.68
Run by AuVergne Maynard on 2008-01-23 22:20:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
46: 2008-01-24 06:21:12 UTC - RP47 - Deckard's System Scanner Restore Point
45: 2008-01-24 05:55:56 UTC - RP46 - ComboFix created restore point
44: 2008-01-24 03:13:22 UTC - RP45 - Software Distribution Service 3.0
43: 2008-01-23 22:22:54 UTC - RP44 - Installed SpywareRemover
42: 2008-01-23 20:26:46 UTC - RP43 - Software Distribution Service 3.0

-- First Restore Point --
1: 2007-12-20 06:01:37 UTC - RP2 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as AuVergne Maynard.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\AuVergne Maynard.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.w-w-w-dot-com.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: (no name) - {A2B0F6B3-77FF-4BD6-8B44-50242E7592FE} - blank (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.293.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.293.EXE (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/s...OS/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149659173625
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jibtzrwq - d3dimb.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10557 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080123-163049-840 O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 atitray - c:\program files\radeon omega drivers\v2.6.71\ati tray tools\atitray.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 tcpip66 - c:\windows\system32\drivers\tcpip66.sys
R2 procguard - c:\windows\system32\drivers\procguard.sys <Not Verified; DiamondCS; DiamondCS ProcessGuard>
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)
S3 catchme - c:\docume~1\auverg~1\locals~1\temp\catchme.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 DCSPGSRV (DiamondCS ProcessGuard Service v3.410) - "c:\program files\processguard\dcsuserprot.exe" (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_1408147B&REV_80\3&61AAA01&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_1408147B&REV_80\3&61AAA01&0&78
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-01-23 22:10:08 542 --a------ C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job
2008-01-23 22:08:24 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-23 10:31:40 432 --a------ C:\WINDOWS\Tasks\At1.job
2008-01-22 15:29:00 400 --a------ C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1142119369.job
2008-01-21 23:54:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-12-23 and 2008-01-23 -----------------------------

2008-01-23 18:02:57 451 --a------ C:\fixME.reg
2008-01-23 17:06:52 6229291 --a------ C:\WINDOWS\system32\SBSP.dat
2008-01-23 17:06:32 0 d-------- C:\Program Files\winvi
2008-01-23 14:23:16 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\SpywareRemover
2008-01-23 14:22:56 0 d-------- C:\Program Files\SpywareRemover
2008-01-23 13:54:59 0 d-------- C:\Program Files\XoftSpySE
2008-01-23 12:27:46 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-22 22:43:53 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\Real
2008-01-22 22:41:24 0 d-------- C:\Program Files\Free Internet TV
2008-01-22 21:52:33 0 dr-h----- C:\Documents and Settings\AuVergne Maynard\Recent
2008-01-22 17:09:26 0 d-------- C:\Documents and Settings\Family.HOMEBASE1\Application Data\Sunbelt Software
2008-01-22 17:09:23 0 d-------- C:\Documents and Settings\Family.HOMEBASE1\Application Data\PrevxCSI
2008-01-22 14:55:04 0 d-------- C:\Program Files\PopupDummy!
2008-01-22 13:38:24 642 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-22 13:32:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sunbelt Software
2008-01-22 13:31:30 0 d-------- C:\Program Files\Sunbelt Software
2008-01-22 13:07:19 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\Sunbelt Software
2008-01-22 03:29:29 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\TrojanHunter
2008-01-22 03:27:56 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-01-22 01:38:47 0 d-------- C:\Program Files\PrevxCSI
2008-01-22 01:19:05 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-01-22 01:18:22 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\PrevxCSI
2008-01-21 23:21:41 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-01-21 23:21:05 0 d-------- C:\Program Files\Spyware Doctor
2008-01-21 23:21:05 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\PC Tools
2008-01-21 01:23:33 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-01-21 01:23:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 01:23:27 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\SUPERAntiSpyware.com
2008-01-21 01:13:19 0 d-------- C:\Program Files\Trend Micro
2008-01-19 22:21:20 0 d-------- C:\Program Files\CleanMyPC Popup Blocker
2008-01-19 21:49:06 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-19 21:04:37 86144 --a------ C:\WINDOWS\system32\drivers\tcpip66.sys
2008-01-19 13:57:38 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\RoboForm
2008-01-01 22:57:26 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\DAEMON Tools Pro
2008-01-01 22:57:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
2008-01-01 22:54:42 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-01-01 22:50:48 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-28 15:17:37 0 d-------- C:\Documents and Settings\Family.HOMEBASE1\Application Data\iolo
2007-12-25 18:13:17 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
2007-12-25 18:12:53 23040 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-12-25 18:12:53 35840 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-12-25 18:12:51 0 d-------- C:\Program Files\iolo
2007-12-25 14:52:30 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\iolo
2007-12-25 14:52:30 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo

-- Find3M Report ---------------------------------------------------------------

2008-01-23 08:55:24 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\OpenOffice.org2
2008-01-23 08:23:54 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\AVG7
2008-01-22 05:48:11 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\uTorrent
2008-01-21 12:58:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-21 01:23:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-19 21:49:07 0 d-------- C:\Program Files\Common Files\Scanner
2008-01-19 21:49:04 0 d-------- C:\Program Files\Yahoo!
2008-01-19 14:02:11 0 d-------- C:\Program Files\Siber Systems
2008-01-13 00:18:44 0 d-------- C:\Program Files\QuickTime
2007-12-26 05:05:28 0 d-------- C:\Program Files\Apple Software Update
2007-12-26 05:05:28 0 d-------- C:\Program Files\AIM
2007-12-26 05:05:27 0 d-------- C:\Program Files\eMule
2007-12-26 05:05:18 0 d-------- C:\Program Files\Hide IP Platinum
2007-12-26 05:05:07 0 d-------- C:\Program Files\WinISO
2007-12-21 19:27:47 0 d-------- C:\Program Files\Microsoft Broadband Networking
2007-12-21 12:34:43 0 d-------- C:\Program Files\CCleaner
2007-12-21 11:19:02 0 d-------- C:\Documents and Settings\AuVergne Maynard\Application Data\MSN6
2007-12-20 00:41:01 42240 --a------ C:\WINDOWS\system32\xnbmndel.dat
2007-12-20 00:41:01 36096 --a------ C:\WINDOWS\system32\tbendzoo.dat
2007-12-20 00:41:01 246545 --a------ C:\WINDOWS\system32\libssl32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-12-20 00:41:01 1188375 --a------ C:\WINDOWS\system32\libeay32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-12-20 00:41:01 35072 --a------ C:\WINDOWS\system32\kgzxvsrb.dat
2007-12-20 00:41:01 741632 --a------ C:\WINDOWS\system32\iszeiewd.dat
2007-12-20 00:41:00 120064 --a------ C:\WINDOWS\system32\wydyxjyb.dat
2007-12-19 00:24:08 0 d-------- C:\Program Files\XviD
2007-12-08 09:30:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
#4
New Member
Join Date: Jan 2008
Posts: 12
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2B0F6B3-77FF-4BD6-8B44-50242E7592FE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 21:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-22 22:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 15:58]
"SpywareRemover"="C:\Program Files\SpywareRemover\SpywareRemover.exe" [2008-01-23 13:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}\_18be6784.exe [2006-03-11 15:06:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jibtzrwq]
d3dimb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HPAiODevice(hp officejet 7100 series) - 1.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HPAiODevice(hp officejet 7100 series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet 7100 series) - 1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AuVergne Maynard^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AuVergne Maynard^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\AuVergne Maynard\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
"C:\Program Files\CCleaner\CCleaner.exe" /AUTO

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eamonn]
C:\Program Files\Eamonn\bin\Eamonn.exe -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro]
"C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1142121342\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"C:\Program Files\Spyware Doctor\pctsTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiRes]
C:\Program Files\MultiRes\MultiRes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayPal Virtual Debit Card]
rundll32.exe C:\PROGRA~1\PayPal\PAYPAL~1\OToolbar.dll,StartUp /dontopenmycards

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopupDummy!]
C:\Program Files\PopupDummy!\PopupDummy! 3.293.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
"C:\Program Files\PrevxCSI\prevxcsi.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 5.0\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
"C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TivoBeacon2"=2 (0x2)
"gusvc"=3 (0x3)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kfxkvgza

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3796576-c92c-11dc-a7cd-00508d548f38}]
AutoRun\command- F:\setupSNK.exe

*Newly Created Service* - SBAPIFS

-- End of Deckard's System Scanner: finished at 2008-01-23 22:25:07 ------------
#5
New Member
Join Date: Jan 2008
Posts: 12
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1022.49 MiB / 465.92 MiB
Pagefile Memory (total/avail): 2463.01 MiB / 2024.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 51.73 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 0.08 GiB free.
E: is CDROM (No Media)
G: is CDROM (No Media)
H: is Fixed (NTFS) - 298.09 GiB total, 49.37 GiB free.

\\.\PHYSICALDRIVE1 - SAMSUNG SP2514N - 232.88 GiB - 1 partition
   \PARTITION0 - Installable File System - 232.88 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00GVA0 - 149.05 GiB - 1 partition
   \PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:

\\.\PHYSICALDRIVE2 - Seagate FreeAgentDesktop USB Device - 298.09 GiB - 1 partition
   \PARTITION0 - Installable File System - 298.09 GiB - H:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\AuVergne Maynard\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOMEBASE1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\AuVergne Maynard
LOGONSERVER=\\HOMEBASE1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AUVERG~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\AUVERG~1\LOCALS~1\Temp
USERDOMAIN=HOMEBASE1
USERNAME=AuVergne Maynard
USERPROFILE=C:\Documents and Settings\AuVergne Maynard
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

AuVergne Maynard (admin)
Jamie Maynard (admin)
Family.HOMEBASE1 (admin)
Jerry cox (admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
 --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
 --> C:\WINDOWS\UNRecode.exe /UNINSTALL
 --> MsiExec.exe /X{EE43210C-266E-4101-8FBC-04378D5E9D42}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Aisha's New Groove Screen Saver --> sstunst2.exe Aisha's New Groove
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 5.0 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{34566374-6C4D-419F-A9E0-8B21CA905FD8}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class ISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
Atomic Clock Sync --> C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CleanMyPC Popup Blocker --> "C:\Program Files\CleanMyPC Popup Blocker\uninst.exe"
Clipper v3.6 --> "C:\Program Files\MMRR Software\Clipper\Uninstall.exe"
CopyTrans Suite (remove only) --> "C:\Program Files\WindSolutions\CopyTrans Suite\uninstall.exe"
Digital Photo Navigator 1.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}\Setup.exe" -l0x9
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Empire Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Free Internet TV v4.5 --> "C:\Program Files\Free Internet TV\unins000.exe"
Gadwin PrintScreen Professional --> C:\Program Files\Gadwin Systems\PrintScreenPro\Uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp officejet 7100 series --> C:\WINDOWS\System32\hpocon09.exe /u 1142119369 /d "hp officejet 7100 series"
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\Photo Printing\hpiunPC.dll
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
iolo technologies' System Mechanic 7 --> "C:\Program Files\iolo\System Mechanic 7\unins000.exe"
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Kodak EasyShare software --> C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$SETUP_460007_170fbccf\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic DVD Ripper V4.3.1 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Microsoft Broadband Networking --> MsiExec.exe /I{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.11) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MultiRes (remove only) --> C:\Program Files\MultiRes\uninstal.exe
Neopets --> C:\Program Files\Neopets\uninst.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org 2.0 --> MsiExec.exe /I{24C242C0-28C0-43C8-A0A1-FE181F3B3319}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Plaxo Toolbar for Outlook and Outlook Express --> C:\Program Files\Plaxo\2.12.1.1\uninstall.exe
PopupDummy! v3.293 --> "C:\Program Files\PopupDummy!\unins000.exe"
Prevx CSI Plus --> "C:\Program Files\PrevxCSI\\prevxcsi.exe" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Quicken WillMaker Plus 2007 --> C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2007\uninstal.log
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 5.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
RoadRunner --> MsiExec.exe /I{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
SmartMusic 10 --> C:\Documents and Settings\All Users.WINDOWS\Application Data\MakeMusic\UninstallSmartMusic10.exe
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareRemover --> MsiExec.exe /X{8E98CB77-01C5-4519-8A02-24FE022FA641}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Verizon Servicepoint 1.3.21 --> "C:\Program Files\Verizon\Servicepoint\unins000.exe"
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
winvi (remove only) --> "C:\Program Files\winvi\uninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Wootalyzer --> MsiExec.exe /I{3F303305-8654-48B7-89D4-2112FD7C1EC8}
WorldofWarcraft.net Exporter --> "C:\Program Files\WWNExporter\Uninstall.exe"
XP Repair Pro 2006 --> MsiExec.exe /I{80682344-770B-46CB-B0FF-6A7620B37CBA}
Xvid 1.1.3 final uninstall --> "C:\Program Files\XviD\unins001.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type7939 / Error
Event Submitted/Written: 01/23/2008 10:10:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application YahooMessenger.exe, version 8.1.0.209, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7937 / Warning
Event Submitted/Written: 01/23/2008 10:05:48 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type7930 / Warning
Event Submitted/Written: 01/23/2008 10:03:35 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7926 / Warning
Event Submitted/Written: 01/23/2008 09:36:47 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.
Event Record #/Type7919 / Warning
Event Submitted/Written: 01/23/2008 06:07:30 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type8778 / Warning
Event Submitted/Written: 01/23/2008 10:20:59 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.

Event Record #/Type8757 / Error
Event Submitted/Written: 01/23/2008 10:05:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The MCSTRM service failed to start due to the following error: %%2

Event Record #/Type8756 / Error
Event Submitted/Written: 01/23/2008 10:05:50 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Microsoft System Management BIOS Controller service terminated with the following error: %%2

Event Record #/Type8755 / Error
Event Submitted/Written: 01/23/2008 10:05:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DiamondCS ProcessGuard Service v3.410 service failed to start due to the following error: %%3

Event Record #/Type8750 / Error
Event Submitted/Written: 01/23/2008 10:02:53 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The combofix service failed to start due to the following error: %%1053

-- End of Deckard's System Scanner: finished at 2008-01-23 22:25:07 ------------