
Identity Theft


24 replies to this topic

#1 Vince86

Vince86

  • Members
  • 84 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 17 July 2007 - 05:06 PM

Hi, I just recently found 3 charges on my credit card that I never made. So I called the company that listed these 3 charges, and the thief has charged me 3 times at an adult website. This would mean he has my credit card number and PIN number. I was wondering if anyone could help me by taking me through the steps to see if there are keyloggers, viruses, spyware etc. on my computer. Thanks, and here is a HijackThis log. Update: I just scanned with AVG antivirus and found trojan horse backdoor agent IQL; I'm attempting to delete it. Please help fast!

Update: OK, I am going to consider reformatting the laptop so I can make sure it's 100% clean. So how should I go about saving my data (music/docs)? Is scanning the CD on the newly reformatted computer with an antivirus enough for it to be clean? Also, I have an iPod that I have been using for a while; would it have been infected too somewhere on its HD? What should I do to fix it? Thank you.

Here is a scan log from Sophos, if it is helpful:

Sophos Anti-Rootkit Version 1.3RC (data 1.06) © 2006 Sophos Plc
Started logging on 5/6/2007 at 13:39:08 PM
Stopped logging on 5/6/2007 at 13:47:20 PM


Sophos Anti-Rootkit Version 1.3RC (data 1.06) © 2006 Sophos Plc
Started logging on 7/17/2007 at 23:21:19 PM
Warning: Failed to query live registry key \HKEY_USERS.
You may not have access rights to the whole registry.
Incorrect function.
Hidden: registry item \HKEY_USERS\.DEFAULT
Hidden: registry item \HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\PastIconsStream
Hidden: file C:\Documents and Settings\Vincent Lee\Local Settings\Temporary Internet Files\Content.IE5\OX6R8TAJ\WV6CA93POSQCA5QKQ97CAN6SPZ3CAJ5DBY1CADGLGZ7CAFQMPV9CA4GVD9KCA2NKBJECA7IR11ZCAPKX4NRCA58QNWLCAWETNZ9CACXZHLYCA0JE5JFCAM0E2QLCANYB8LXCAF0AI8BCAA9KQJ8CA26802Z
Hidden: file C:\Documents and Settings\Vincent Lee\Local Settings\Temporary Internet Files\Content.IE5\WA0HWBOC\11229_f[1].xml
Hidden: file C:\Program Files\Funcom\Anarchy Online\cd_image\sound\sfx\creatures\mortig\mortig_attack_poke_01.wav
Hidden: file C:\Documents and Settings\Vincent Lee\My Documents\how to become a writer final.doc
Hidden: file C:\Documents and Settings\Vincent Lee\My Documents\My Music\License Backup\drmv2key.bak
Hidden: file C:\Documents and Settings\Vincent Lee\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#suitesmart.com\settings.sol
Hidden: file C:\Program Files\palmOne\LeeV\Addit\PuzzlePack\PuzzlePack\CrazyDaisy\CrazyDaisy.prc
Stopped logging on 7/18/2007 at 0:03:52 AM


Logfile of HijackThis v1.99.1
Scan saved at 6:03:50 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Vincent Lee\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verify.binghamton.edu:8443/r.../CAT/CNICAT.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal..._2_2_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...424/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by Vince86, 17 July 2007 - 11:06 PM.




#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,635 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:27 AM

Posted 22 July 2007 - 10:33 AM

Hi Vince86,

I'm really sorry to hear about what has happened. In my opinion you should just go ahead and reformat and get it over with. Even though it is possible that you lost your credit card details in another way (for example, someone may have fished a receipt out of the trash, or an unscrupulous employee saved your data when you used it to purchase something), computers infected with backdoors have become epidemic in the last year, and the only way to be 100% sure is to wipe your hard drive and reinstall Windows.

The following articles may help with how to do that and making the decision.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Help: I Got Hacked. Now What Do I Do? Part II

You've already gotten some of this advice in your Am I Infected topic: http://www.bleepingcomputer.com/forums/t/100420/trojan-horse-backdoor-agent-iql-identity-theft/

Reformatting is a pain, but when you do that be sure to secure your system first before getting on the net again. For further info on what you need and how you may have gotten infected, see

How did I get infected?, With steps so it does not happen again!


You had the basics covered, but I noticed in some of your previous posts that you have Limewire installed and you are worried about losing your music. While P2P programs can be used legitimately, their use is a major avenue for distributing malware. Cracks and free music and other media you actually pay for one way or another.

We can look for what may have caused your data loss if you want, but that will take some time and I would rather see you get back on your feet sooner rather than later. Your sensitive data has already been lost so looking for the culprit won't help you with that.

The backdoor agent IQL that AVG found may actually be a false positive. If your sensitive information was lost via a backdoor, it was most likely from an earlier infection; in the cyberworld, that kind of data is put on the black market and may sit 'on the shelf' for a period of time. If you would like to help out the rest of the community, let me know which exact file on your system was considered to be backdoor agent IQL and where it was found, by looking at your AVG logs.

Let me know what you want to do. If you choose to reformat and still have the same or other questions after carefully reading the information linked to above, I will answer as best I can. You can probably still keep your music if you burn it to CD/DVD, then scan the files on a clean system before opening them.

The thing about people

is they change

when they walk away.--Mipso


#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,635 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:27 AM

Posted 22 July 2007 - 10:46 AM

BTW, you have this log and issue posted at another forum: http://forums.techguy.org/security/597639-...ent-victim.html

I understand you wanting to get a quick answer, and posting in more than one forum might increase your chances, but this is frowned on because all the larger HJT forums are swamped, and having more than one person looking at a log is an inefficient use of volunteers' time. Now that you have an answer here, let's let anyone else who may be looking at your log over there know that they can spend the time helping someone else, by posting a request to have the topic closed.

Thanks.



#4 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 22 July 2007 - 12:32 PM

Hey, thanks for replying, I really appreciate it. I'll close down the other thread.

But here are the files it was found in: C:\Documents and settings\Vincent Lee\My Documents\wrar361.exe:\Rar.exe (Infected,Embedded Object, Deleted)
C:\Documents and settings\Vincent Lee\My Documents\wrar361.exe (Moved to Vault, Archived)
C:\Program Files\WinRAR\Rar.exe (Deleted)

I do want to reformat, but I'm afraid my computer wouldn't be the same again. I'm afraid I can't find all the drivers needed to reinstall. My computer is a Dell Inspiron 9200, and I looked on Dell's site and it only listed a few drivers, which I do not think is sufficient for my computer to work.

I noticed that my logs were clean in the months of May and June when I did scans on my computer. May is when the charges I didn't authorize were billed, but I did not catch the billing till July, this month. So when I did find out, I went to my computer and scanned and found a trojan, and thought that this was it, I was hacked. But then I remembered I had cleaned my computer before and it didn't show a trojan. Although I did have trojans before, a while back, like 5 months ago, I did find them and delete them. So I was hoping a HijackThis log could help clean my system instead of going through reformatting. But only my credit card info was stolen; none of my accounts on AIM, Gmail etc. were altered.

My conclusion: was it just a coincidence that I was infected by a trojan on the same day I found out? I did get shunted to a few random web pages before that led to adult websites by accident. Maybe I could have gotten the trojan there? Or can it be that AVG could not pick up the virus during the months of May and June when I scanned?

Well, I would like to check first if my computer is clean, but then I would like to reformat it. Right now I'm really busy studying for the MCATs and I need my online time with testing. Could you please help me clean the computer first, and maybe leave a note on how to get drivers and reformat my computer?

I installed KeyScrambler, if this program helps reduce keylogging. Thanks so much, man!

Edited by Vince86, 22 July 2007 - 12:35 PM.


#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,635 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:27 AM

Posted 22 July 2007 - 02:04 PM

OK, I'll see what I can do about clean up.

As I think you realize now, the last detection by AVG is not a backdoor that sent your data out. It's definitely a false positive: http://64.233.169.104/search?q=cache:WIp30...lient=firefox-a

So that was coincidental. The FP has been reported and the definitions adjusted, so if you want to install WinRAR again it won't be detected anymore.

As I said, you may not even have been infected with something that would send your data out; it could be a low-tech thief. I was thinking, when I was reviewing your past logs that seemed to only have MyWay and Weatherbug (which are really nothing to worry about), that you were worrying too much and chasing ghosts. However, you may have gotten infected as early as August of last year. Rootkits and other methods of hiding from HJT make it so that even when your log is clean, it doesn't mean you are malware free. A truly stealthed backdoor won't give itself away, and it could be that scanners like AVG just missed it and our helpers had nothing to go on.

So let's go a little more in depth. Please do the following:

A new version of HijackThis has now been released, so before you repost your log please download and install the new version. In order to get some additional information please do this in the following way:

1. Open Add or Remove Programs via Control Panel and uninstall HijackThis 1.99.1
2. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges and it is best to run DSS from your Desktop.
3. Close all applications and windows.
4. Double-click on dss.exe to run it, and OK the disclaimer.
5. When the screen in the image below appears, click Yes and follow the prompts to download the new version of HijackThis. Please tell your firewall to allow this download.

Posted Image

Note that a shortcut to HijackThis will appear on your desktop and you can run it from there when asked for a follow up log.

6. DSS will now scan your computer. If you get a warning from your anti-virus, please allow it, as the scan is not harmful.
7. When complete, two text files will open: main.txt, which will include a HijackThis log (this one will be maximized), and extra.txt (this one will be minimized).
8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

I would like to see what ComboFix did back in May. Please open C:\ComboFix-quarantined-files.txt, if it still exists, and post its contents in your next reply. First check its properties: if the creation date is other than 2007-05-06 03:01, let me know. If there is no file, don't worry about it.

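The first-pass review Papakid describes (look at what autostarts, look at what the services point to, and remember that a clean-looking log proves nothing) can be partly automated. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from Deckard's System Scanner. It parses the O4 autorun and O23 service lines in the HijackThis format shown in the logs above and returns entries worth a human look: the same binary registered under two names (the zlclient.exe pair in Vince86's log), a DLL loaded by bare file name through RunDll32, anything that lives in a user-writable directory, a shortcut whose target HJT shows as '?', and a service whose owner HJT lists as unknown. The sample log is constructed in that format; the 'updater' line pointing into a Temp folder is invented for illustration and is not in Vince86's log, and the trusted-directory and user-writable heuristics are assumptions about a default Windows XP layout. The output is a review list, not a verdict.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Parses the O4 (autorun) and O23 (service) lines HijackThis emits and returns
items worth a second look. Heuristics only; nothing here proves a machine clean.
"""
import re
from collections import defaultdict

# Assumed layout of a default Windows XP install; adjust for other drive letters.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# A path containing one of these lives somewhere an ordinary user can write to.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

O4_RUN_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^O4 - (?P<where>.+?): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample in the HijackThis v1.99 format, modelled on the log posted
# in this thread. The "updater" line is invented for illustration; it is NOT
# in Vince86's log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""


def extract_path(cmd):
    """Return the file the command actually loads, or None if HJT shows '?'."""
    cmd = cmd.strip()
    if cmd in ("", "?"):
        return None
    if cmd.startswith('"'):                       # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    m = re.match(r"(?i)rundll32(?:\.exe)?\s+([^,\s]+)", cmd)
    if m:                                         # rundll32 host: the DLL is the payload
        return m.group(1)
    # unquoted: everything up to and including the first executable extension
    m = re.match(r"(?i)(.*?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def classify_path(path):
    """Coarse trust class for a path; a heuristic, not a verdict."""
    if path is None:
        return "unresolved"
    p = path.lower()
    if "\\" not in p:
        return "unqualified"      # bare name, found via the DLL/PATH search order
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    if p.startswith(TRUSTED_PREFIXES):
        return "trusted-dir"
    return "other"


def triage(log_text):
    """Parse O4/O23 lines and collect the entries a reviewer should look at."""
    autoruns, services = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN_RE.match(line) or O4_LNK_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            autoruns.append({"where": m.group("where"), "name": m.group("name"),
                             "cmd": m.group("cmd"), "path": path,
                             "class": classify_path(path)})
            continue
        m = O23_RE.match(line)
        if m:
            services.append(m.groupdict())

    by_path = defaultdict(list)
    for a in autoruns:
        if a["path"]:
            by_path[a["path"].lower()].append(a["name"])

    return {
        "autoruns": autoruns,
        "services": services,
        # same binary registered twice under different names (zlclient.exe above)
        "duplicates": {p: n for p, n in by_path.items() if len(n) > 1},
        # anything not sitting in a system directory deserves a look
        "review": [a for a in autoruns if a["class"] != "trusted-dir"],
        "unknown_owner_services": [s for s in services
                                   if s["owner"].lower().startswith("unknown")],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, names in result["duplicates"].items():
        print(f"DUPLICATE {path} <- {names}")
    for a in result["review"]:
        print(f"REVIEW [{a['class']}] {a['where']}: [{a['name']}] {a['cmd']}")
    for s in result["unknown_owner_services"]:
        print(f"SERVICE owner unknown: {s['name']} -> {s['path']}")
```

On the constructed sample this prints one DUPLICATE line for zlclient.exe, three REVIEW lines (the RunDll32 DLL, the invented Temp entry, the unresolved shortcut) and one SERVICE line. The service hit is Ati2evxx.exe, which belongs to the ATI driver package that appears throughout Vince86's log, which is exactly why the output is a list to check rather than a list to delete. To run it over the full log posted above, pass that text to triage() instead of SAMPLE_LOG.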


#6 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 22 July 2007 - 05:02 PM

Thanks, man, I appreciate the time you guys take to help others! Here are the logs. Sorry, I'm a bit paranoid about viruses and my computer; in the past I had a computer totally destroyed by a virus.

Deckard's System Scanner v20070711.54
Run by Vincent Lee on 2007-07-22 at 17:52:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-07-22 21:52:25 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Vincent Lee.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:25 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\palmOne\Hotsync.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vincent Lee\Desktop\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verify.binghamton.edu:8443/r.../CAT/CNICAT.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal..._2_2_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...424/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13398 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 asbp2poa - c:\docume~1\vincen~1\locals~1\temp\asbp2poa.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\48.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


-- Scheduled Tasks -------------------------------------------------------------

2007-07-22 00:01:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-07-17 21:07:09 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-06-22 and 2007-07-22 -----------------------------

2007-07-21 21:12:54 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2007-07-19 00:48:52 0 d-------- C:\Program Files\Common Files\Java
2007-07-18 20:51:52 0 d-------- C:\Program Files\KeyScrambler
2007-07-18 19:39:22 0 d-------- C:\Program Files\Windows Defender
2007-07-18 13:59:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-07-18 13:49:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-17 22:44:01 0 d-------- C:\Documents and Settings\Vincent Lee\.housecall6.6
2007-07-17 19:16:02 0 dr-h----- C:\$VAULT$.AVG
2007-07-17 18:31:26 0 d-------- C:\Program Files\Spyware Doctor
2007-07-17 18:31:26 0 d-------- C:\Documents and Settings\Vincent Lee\Application Data\PC Tools
2007-07-03 21:11:38 0 d-------- C:\Program Files\iTunes
2007-07-03 21:10:34 0 d-------- C:\Program Files\Common Files\Apple


-- Find3M Report ---------------------------------------------------------------

2007-07-21 21:12:56 5568 --a------ C:\WINDOWS\mozver.dat
2007-07-19 02:04:53 0 d-------- C:\Program Files\SpywareBlaster
2007-07-19 00:50:33 0 d-------- C:\Program Files\Java
2007-07-18 22:33:16 0 d-------- C:\Documents and Settings\Vincent Lee\Application Data\Apple Computer
2007-07-18 16:45:05 0 d-------- C:\Program Files\Funcom
2007-07-18 16:44:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-18 13:59:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-17 21:19:00 0 d-------- C:\Program Files\QuickTime
2007-07-13 01:37:02 0 d-------- C:\Documents and Settings\Vincent Lee\Application Data\LimeWire
2007-07-10 12:34:15 0 d-------- C:\Program Files\Winamp
2007-07-04 16:21:28 0 d-------- C:\Program Files\WinBoard
2007-07-03 21:11:42 0 d-------- C:\Program Files\iPod
2007-06-11 16:58:27 58592 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-06-11 16:57:00 0 d-------- C:\Program Files\Apple Software Update
2007-06-08 01:26:18 0 d-------- C:\Program Files\Common Files\AOL
2007-06-05 12:13:53 0 d-------- C:\Program Files\AIM6
2007-05-30 03:13:48 0 d-------- C:\Program Files\palmOne
2007-05-30 02:57:25 0 d-------- C:\Program Files\Common Files\Epocrates
2007-05-30 02:57:24 0 d-------- C:\Program Files\Epocrates
2007-05-09 16:22:33 0 --a----c- C:\WINDOWS\system32\SBRC.dat
2007-05-09 16:22:33 0 --a----c- C:\WINDOWS\system32\SBFC.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} C:\Program Files\KeyScrambler\keyscramblerIE.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"SbUsb AudCtrl"="RunDll32 sbusbdll.dll,RCMonitor"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\AOLSoftware.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-22 at 17:55:30 ---------

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.80GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 767.23 MiB / 229.36 MiB
Pagefile Memory (total/avail): 1491.54 MiB / 594.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966 MiB

C: is Fixed (NTFS) - 53.08 GiB total, 8.5 GiB free.
D: is CDROM (Unformatted)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.337.000 (Check Point, LTD.)
AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Ares Lite Edition\\Ares.exe"="C:\\Program Files\\Ares Lite Edition\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\xadorus\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\xadorus\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Vincent Lee\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VINCENT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Vincent Lee
LOGONSERVER=\\VINCENT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Sonic Shared;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=VINCENT
USERNAME=Vincent Lee
USERPROFILE=C:\Documents and Settings\Vincent Lee
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Vincent Lee (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive 24-Bit External\Program\Ctzapxx.EXE" SBUSB.INI /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe" -u -uninst -fUninst.isu -c"C:\Program Files\Epocrates\Suite\Win32\Win32_Dll\AupdUnInstall.dll"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Addit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3161124-2B4D-478F-901A-D21BCAD72C7E}\Setup.exe" -l0x9
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Broadcom Management Programs --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A6282FF-B75B-463F-90F5-0A43732F690D} /l1033
Chessmaster 10th Edition --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Creative EAX Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9 /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove/remove
Creative Speaker Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Home Systems Services Agreement --> MsiExec.exe /X{20227921-DB38-4810-9162-DDC6FCA936E7}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Media Experience Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDE4CC8B-134B-421E-943C-90799E56F664}\setup.exe" -l0x9 -L0x9 /SMAINT
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Device Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documents To Go --> MsiExec.exe /X{BDFE199D-E889-4BB6-BECB-C4BDF5700849}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Epocrates Essentials --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe" -u
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Documents and Settings\Vincent Lee\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky On-line Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
KeyScrambler --> C:\Program Files\KeyScrambler\uninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
MCAT CD Companion --> "C:\Program Files\Kap.MCAT\unins000.exe"
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.2) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.5) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
palmOne --> MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Photo Loader 2.2E --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst
Photohands 1.0E --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\Setup.exe"
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sophos Anti-Rootkit 1.3RC --> C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Sound Blaster Live! 24-Bit External --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C0054EB-24A5-46A8-80E3-62AAA930DEFA}\SETUP.EXE" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Unix Utilities for Yahoo! Widgets --> C:\Program Files\Yahoo!\WidgetEngine\UnixUtils\uninstall.exe
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinBoard --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WinBoard\Uninst.isu"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\WIDGET~1\uninstall.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2007-07-22 at 17:55:30 ---------

Found the ComboFix; it is from May 6, 2007.

Folder PATH listing
Volume serial number is F89D-4E20
C:\QOOBOX
Invalid path - \QOOBOX
No subfolders exist

Thanks man!

#7 Papakid (Guru at being a Newbie; Malware Response Team, 6,635 posts)

Posted 22 July 2007 - 07:43 PM

Well, looks like we may both be chasing ghosts. DSS is not showing anything suspicious, except that you've got the StarForce copy-protection driver, which acts like a rootkit and which many people are not happy about. Nothing you can do about it, though, as it will be installed whenever you put in whatever game CD it's on.

Let's try a couple more scans anyway.

Print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double-click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and, after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

I see you've run Kaspersky Webscan before--run it again, allowing it to update first and post its log.

The thing about people

is they change

when they walk away.--Mipso


#8 Vince86 (Topic Starter; Members, 84 posts)

Posted 22 July 2007 - 08:35 PM

There is a problem: my web pages have no graphics, I just see text. It is weird. This is after the ATF Cleaner and the SDFix. Pages like kaplan.com, bungie.net, and BleepingComputer are not showing graphics; very minimal pictures such as buttons, but most show up just as hyperlink text. It seems like only the forums on BleepingComputer are affected, but the other parts of the sites look fine. How do I fix this?

Edited by Vince86, 22 July 2007 - 08:46 PM.


#9 Vince86 (Topic Starter; Members, 84 posts)

Posted 22 July 2007 - 09:06 PM

SDFix: Version 1.93

Run by Administrator on Sun 07/22/2007 at 09:07 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Ares Lite Edition\\Ares.exe"="C:\\Program Files\\Ares Lite Edition\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\xadorus\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\xadorus\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Program Files\America Online 9.0\aolphx.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\RBM.exe
C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp
C:\Documents and Settings\Vincent Lee\Application Data\Microsoft\Templates\~WRL2664.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL0710.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL0997.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL1135.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL1157.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL1524.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL2395.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL3146.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL3285.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL3696.tmp
C:\Documents and Settings\Vincent Lee\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Ig Nobel Awards - SciFri Podcast - 2.tmp\AlbumArtSmall.jpg
C:\Documents and Settings\Vincent Lee\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Ig Nobel Awards - SciFri Podcast - 2.tmp\Folder.jpg

Finished
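The two sections of this SDFix report that carry the most signal for a triage are the firewall exception export and the hidden-attribute file list: an exception lets a program talk out through the XP firewall unchallenged, and a hidden executable in a system directory is something to verify rather than ignore. The script below is an added example, not part of the thread and not an SDFix feature, that parses both sections from text in exactly the format of the report above and applies a few analyst rules. The labelling of LimeWire and Ares as file-sharing clients and the trusted-root list are my assumptions, and the last exception in the sample export (an `svchost.exe` under the user's Temp folder) is a constructed line showing what an exception for a dropped binary looks like; it does not appear in Vince86's report.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt in the format of the SDFix "Authorized Application Key Export"
# and "Files with Hidden Attributes" sections. The Temp\svchost.exe exception is a
# constructed line (NOT in Vince86's report) showing what a dropped binary looks like.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares Lite Edition\\Ares.exe"="C:\\Program Files\\Ares Lite Edition\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Vincent Lee\\Local Settings\\Temp\\svchost.exe"="C:\\Documents and Settings\\Vincent Lee\\Local Settings\\Temp\\svchost.exe:*:Enabled:Windows Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

SAMPLE_HIDDEN = r'''
C:\Program Files\America Online 9.0\aolphx.exe
C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
C:\Documents and Settings\Vincent Lee\My Documents\~WRL0710.tmp
'''

# Assumptions behind the rules: file-sharing clients worth flagging, and the directory
# roots where a legitimately installed program's firewall exception should live.
P2P_CLIENTS = {'limewire.exe', 'ares.exe'}
TRUSTED_ROOTS = ('c:\\program files\\', 'c:\\windows\\', '%windir%\\')
WINDOWS_DIR = ('c:\\windows\\', '%windir%\\')

PROFILE_RE = re.compile(r'\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$', re.I)
# Value layout in this key: <path>:<scope>:<Enabled|Disabled>:<display name>
ENTRY_RE = re.compile(
    r'^"[^"]+"="(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)"$', re.I)


def parse_firewall_export(text):
    """Return one dict per exception, tagged with the firewall profile it belongs to."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.search(line)
        if m:
            profile = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and profile:
            entries.append({
                'profile': profile,
                'path': m.group('path').replace('\\\\', '\\'),  # .reg export doubles backslashes
                'scope': m.group('scope'),
                'enabled': m.group('state').lower() == 'enabled',
                'name': m.group('name'),
            })
    return entries


def triage_firewall_entries(entries):
    """Flag enabled exceptions that a compromised-host investigation should look at."""
    findings = []
    for e in entries:
        if not e['enabled']:
            continue
        low = e['path'].lower()
        base = PureWindowsPath(low).name
        if base in P2P_CLIENTS:
            findings.append((e['profile'], e['path'], 'file-sharing client allowed through the firewall'))
        elif not low.startswith(TRUSTED_ROOTS):
            findings.append((e['profile'], e['path'], 'exception for a binary outside Program Files / Windows'))
    return findings


def triage_hidden_files(text):
    """Hidden files under the Windows directory, or hidden executables anywhere, need a look."""
    out = []
    for raw in text.splitlines():
        path = raw.strip()
        if not path:
            continue
        low = path.lower()
        if low.startswith(WINDOWS_DIR):
            out.append((path, 'hidden file under the Windows directory: verify signer and owner'))
        elif low.endswith(('.exe', '.dll', '.sys', '.scr')):
            out.append((path, 'hidden executable outside Windows: confirm the installed product set it'))
    return out


if __name__ == '__main__':
    for f in triage_firewall_entries(parse_firewall_export(SAMPLE_EXPORT)):
        print('FIREWALL', *f)
    for f in triage_hidden_files(SAMPLE_HIDDEN):
        print('HIDDEN  ', *f)
```

On the real report the two P2P exceptions are the only hits; the point of the outside-trusted-roots rule is that a keylogger or backdoor that registers its own exception almost always lives under a profile or Temp directory, which is exactly what the constructed last line models.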

#10 Papakid (Guru at being a Newbie; Malware Response Team, 6,635 posts)

Posted 22 July 2007 - 09:32 PM

Hmm, sounds like a Java problem. Is this happening on both Firefox and IE?

SDFix didn't remove anything, so it would have to be something to do with ATF Cleaner; perhaps it needs to rebuild Java's cache. Reboot your system and see if that helps. If not, uninstall Java and download and reinstall from here: http://www.bleepingcomputer.com/files/killbox.php

Reboot afterwards and let me know how it goes.



#11 Vince86 (Topic Starter; Members, 84 posts)

Posted 22 July 2007 - 09:35 PM

It's only on Firefox.

#12 Papakid (Guru at being a Newbie; Malware Response Team, 6,635 posts)

Posted 22 July 2007 - 10:01 PM

OK, I've noticed some people are having trouble with Firefox and Java getting along lately but haven't had the time to look into exactly what is happening or what the solution might be. If rebooting and re-installing Java doesn't help, you might try asking in the Web Browsing/Email and Other Internet Applications forum.

The only thing I can think of at the moment is to check in Firefox's Tools > Options > Content tab and make sure Java and JavaScript are enabled.

Since Kaspersky uses IE and ActiveX, you should still be able to run that scan.



#13 Vince86 (Topic Starter; Members, 84 posts)

Posted 23 July 2007 - 02:21 PM

Monday, July 23, 2007 3:19:21 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/07/2007
Kaspersky Anti-Virus database records: 366822
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
F:\
Scan Statistics
Total number of scanned objects 82377
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 01:34:15

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07182007-194033.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Vincent Lee\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\cert8.db Object is locked skipped
C:\Documents and Settings\Vincent Lee\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Vincent Lee\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\history.dat Object is locked skipped
C:\Documents and Settings\Vincent Lee\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\key3.db Object is locked skipped
C:\Documents and Settings\Vincent Lee\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\parent.lock Object is locked skipped
C:\Documents and Settings\Vincent Lee\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Vincent Lee\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Vincent Lee\Application Data\QSPMShare Object is locked skipped
C:\Documents and Settings\Vincent Lee\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Vincent Lee\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\AOL OCP\AIM\Storage\data\doughyboy86\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{52A5DAA8-D380-43F6-B44F-AB9CCB54185B} Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\ra603x53.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Application Data\Yahoo\Widget Engine\Widgets DB\widgets.db Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Vincent Lee\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Vincent Lee\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Vincent Lee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Vincent Lee\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\VINCENT.ldb Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5BB66B6B-2F29-439B-9E16-9B9006262874}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT017de.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT017fb.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

#14 Papakid (Guru at being a Newbie; Malware Response Team, 6,635 posts)

Posted 25 July 2007 - 08:25 AM

Well, Vince, all your scans are showing up clean. There are a couple of locked temp files that I can't find much information about, but we can look into that later. Let's run another rootkit scanner and see what shows up, but I think your system is going to show up as clean.

Please run a GMER Rootkit scan:

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab.
Make sure the "Show all" checkbox is unchecked and leave it that way.
Click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode. Most other rootkit revealers don't.


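As an added example, not from the thread and not part of GMER, here is how a responder can triage the text GMER copies to the clipboard instead of reading hundreds of hook lines by eye: parse the SSDT, kernel IAT, inline-patch and user-mode hook lines, count hooks per hooking module, attribute known modules through an analyst-maintained table, and group identical JMP targets across processes, because the same target address in csrss, winlogon and lsass means one library injected system-wide rather than per-process tampering, and it needs identifying once. The sample text is a constructed excerpt in GMER's output format. The attribution table (iksysflt.sys to PC Tools Spyware Doctor, sptd.sys to Duplex Secure's SPTD disc-emulation driver) is my assumption for a machine with that software installed and should be confirmed by checking each driver's signer and owning product before it is trusted.

```python
import re
from collections import defaultdict

# Constructed excerpt in GMER's output format (a subset of the line types GMER emits).
SAMPLE_GMER = r'''
---- System - GMER 1.0.13 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwTerminateProcess
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwQueryValueKey

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F710462C 5 Bytes JMP 839E7960
? System32\Drivers\a3bmaiev.SYS The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\csrss.exe[248] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[248] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[272] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[328] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\swdsvc.exe[964] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ]

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F74C997E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74B5AB4] sptd.sys
'''

# Analyst-maintained attribution table: an assumption for this system, not GMER output.
KNOWN_HOOKERS = {
    'iksysflt.sys': 'PC Tools Spyware Doctor kernel filter (product is in the uninstall list)',
    'sptd.sys': 'Duplex Secure SPTD disc-emulation driver',
}

SSDT_RE = re.compile(r'^SSDT\s+(?P<module>\S+)\s+(?P<func>Zw\w+)$')
KIAT_RE = re.compile(r'^IAT\s+(?P<driver>\S+)\[(?P<imp>[^\]]+)\]\s+\[(?P<addr>[0-9A-F]+)\]\s+(?P<module>\S+)$')
UHOOK_RE = re.compile(r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>\S+)!(?P<func>\S+)'
                      r'(?:\s\+\s\w+)?\s+(?P<addr>[0-9A-F]+)\s+(?P<n>\d+)\s+Bytes\s+(?P<patch>.*)$')
KHOOK_RE = re.compile(r'^\.text\s+(?P<module>\S+)!(?P<func>\S+)\s+(?P<addr>[0-9A-F]+)\s+(?P<n>\d+)\s+Bytes\s+(?P<patch>.*)$')
UNRES_RE = re.compile(r'^\?\s+(?P<file>\S+)\s+(?P<msg>.*)$')
LINE_TYPES = (('ssdt', SSDT_RE), ('kernel_iat', KIAT_RE), ('user_hooks', UHOOK_RE),
              ('kernel_patch', KHOOK_RE), ('unresolved', UNRES_RE))


def basename(path):
    """Last path component, lower-cased; works for \SystemRoot\... and bare driver names."""
    return path.rsplit('\\', 1)[-1].lower()


def parse_gmer(text):
    """Bucket every recognised line by type; section headers and blanks are skipped."""
    report = {key: [] for key, _ in LINE_TYPES}
    for raw in text.splitlines():
        line = raw.strip()
        for key, rx in LINE_TYPES:
            m = rx.match(line)
            if m:
                report[key].append(m.groupdict())
                break
    return report


def kernel_hooks_by_module(report):
    """SSDT + kernel IAT hooks per hooking driver, with attribution or a review flag."""
    counts = defaultdict(int)
    for h in report['ssdt'] + report['kernel_iat']:
        counts[basename(h['module'])] += 1
    return {mod: (n, KNOWN_HOOKERS.get(mod, 'UNATTRIBUTED: identify signer and owning product'))
            for mod, n in counts.items()}


def global_hook_targets(report, min_processes=3):
    """Group user-mode JMP hooks by (dll, function, target); one target shared by many
    processes is a single injected library, so it is identified once, not per process."""
    targets = defaultdict(set)
    for h in report['user_hooks']:
        m = re.match(r'JMP\s+([0-9A-F]+)$', h['patch'])
        if m:
            targets[(h['dll'].lower(), h['func'], m.group(1))].add(h['pid'])
    return {k: sorted(v, key=int) for k, v in targets.items() if len(v) >= min_processes}


def review_items(report):
    """Everything the attribution table and the shared-target grouping do not explain."""
    items = []
    for mod, (n, _label) in kernel_hooks_by_module(report).items():
        if mod not in KNOWN_HOOKERS:
            items.append(f'{mod}: {n} kernel hook(s) by an unattributed driver')
    for h in report['kernel_patch']:
        items.append(f"{h['module']}!{h['func']}: kernel inline patch, {h['patch']}")
    for h in report['user_hooks']:
        if not h['patch'].startswith('JMP'):
            items.append(f"{h['proc']} [{h['pid']}] {h['dll']}!{h['func']}: byte patch {h['patch']}")
    for u in report['unresolved']:
        items.append(f"{u['file']}: GMER could not open it ({u['msg']})")
    return items


if __name__ == '__main__':
    rep = parse_gmer(SAMPLE_GMER)
    for mod, (n, label) in kernel_hooks_by_module(rep).items():
        print(f'{mod:14} {n:3} kernel hook(s)  {label}')
    for (dll, func, target), pids in global_hook_targets(rep).items():
        print(f'{dll}!{func} -> {target} in {len(pids)} processes: {pids}')
    for item in review_items(rep):
        print('REVIEW', item)
```

The output reduces the excerpt to two attributed kernel hookers, one system-wide LoadLibraryExW hook at a single target address to identify in any one of the hooked processes, and a short review list (a driver GMER could not find on disk, a kernel inline patch, and a four-byte patch in Spyware Doctor's own service). Anything on that review list that the installed security products cannot account for is where the actual investigation starts.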

#15 Vince86 (Topic Starter; Members, 84 posts)

Posted 27 July 2007 - 03:05 PM

I just think I got infected with WinAntiVirus Pro. I was visiting a website and got the pop-up about my computer being slow; I clicked cancel and another pop-up came up, so I quickly restarted my computer by holding down the power button... I know this was a stupid thing to do. I am on another computer and I'm running an AVG scan and a Spyware Doctor scan. Also, during scanning vsmon.exe was disabled and my ZoneAlarm shut down; I was offline at the time. Damn, I have such bad luck, guys. Sorry for not getting back sooner, I was busy. I also noticed that in my HijackThis folder there was a copy of HijackThis; it had the same icon but was named vincent lee.exe, which is the name of my computer.
Here's the GMER scan. I also downloaded VundoFix, as I did research on the web about WinAntiVirus Pro. It said it couldn't find anything... I also did AVG and Spyware Doctor and they showed clean logs.

Sorry, Papakid, for all the trouble I have caused. Thanks man.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-27 18:20:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F710462C 5 Bytes JMP 839E7960
? System32\Drivers\a3bmaiev.SYS The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\csrss.exe[248] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[248] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[248] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[272] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[272] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[316] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[316] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[316] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[328] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[328] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[328] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[592] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[592] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Defender\MsMpEng.exe[592] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[652] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[652] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[700] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[700] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[700] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdsvc.exe[964] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ]
.text C:\WINDOWS\Explorer.EXE[976] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[976] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[976] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1100] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ]
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1100] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1100] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F74C997E] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74C992A] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F74E4B4E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F74C997E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74B5AB4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74B5BFA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74B5B7C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74B6728] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74B65FE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74C8C5A] sptd.sys

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceA] [6F8A063A] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[836] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 83B441E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 83B441E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7248BC0] ikfileflt.sys

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 83A11980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 83A11980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 83A11980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 83A11980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 83A11980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 83A11980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 83A11980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 83A11980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 83A11980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 83A11980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 83A11980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 83A11980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CREATE 83A0E980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CLOSE 83A0E980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 83A0E980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A0E980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_POWER 83A0E980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 83A0E980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_PNP 83A0E980
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 83BCF1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 83A22980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 83A22980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 83A22980
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 83BCE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 83BCE1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 83BCF1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 83A11980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 83A11980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 83A11980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 83A11980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 83A11980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 83A11980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 83A11980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 83A11980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 83A11980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 83A11980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 83A11980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 83A11980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 83A11980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CREATE 83A0E980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CLOSE 83A0E980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 83A0E980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A0E980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_POWER 83A0E980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 83A0E980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_PNP 83A0E980
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 83BCF1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 83BCF1E8
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_CREATE [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_CREATE_NAMED_PIPE [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_CLOSE [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_READ [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_WRITE [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_QUERY_INFORMATION [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_SET_INFORMATION [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_QUERY_EA [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_SET_EA [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_FLUSH_BUFFERS [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_QUERY_VOLUME_INFORMATION [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_SET_VOLUME_INFORMATION [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_DIRECTORY_CONTROL [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_FILE_SYSTEM_CONTROL [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_DEVICE_CONTROL [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_INTERNAL_DEVICE_CONTROL [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_SHUTDOWN [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_LOCK_CONTROL [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_CLEANUP [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_CREATE_MAILSLOT [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_QUERY_SECURITY [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_SET_SECURITY [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_POWER [F74C3DB8] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_SYSTEM_CONTROL [F74DE344] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_DEVICE_CHANGE [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_QUERY_QUOTA [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_SET_QUOTA [F74E1F18] sptd.sys
Device \Driver\PCI_NTPNP1936 \Device\0000008a IRP_MJ_PNP [F74DF2D0] sptd.sys
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1Port2Path0Target0Lun0 IRP_MJ_CREATE 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1Port2Path0Target0Lun0 IRP_MJ_CLOSE 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1Port2Path0Target0Lun0 IRP_MJ_POWER 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1Port2Path0Target0Lun0 IRP_MJ_PNP 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1 IRP_MJ_CREATE 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1 IRP_MJ_CLOSE 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1 IRP_MJ_DEVICE_CONTROL 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1 IRP_MJ_POWER 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1 IRP_MJ_SYSTEM_CONTROL 83A0F1E8
Device \Driver\a3bmaiev \Device\Scsi\a3bmaiev1 IRP_MJ_PNP 83A0F1E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 8389C980
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 8389C980
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible F63F71F9

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7248BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7248BC0] ikfileflt.sys

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 838941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 838941E8

---- EOF - GMER 1.0.13 ----

Here is another HijackThis scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:02 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vincent Lee\Desktop\Hijack\adshfkjhga.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verify.binghamton.edu:8443/r.../CAT/CNICAT.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal..._2_2_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...424/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13110 bytes

Here's an SDFix:


SDFix: Version 1.94

Run by Administrator on Fri 07/27/2007 at 07:16 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Ares Lite Edition\\Ares.exe"="C:\\Program Files\\Ares Lite Edition\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\xadorus\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\xadorus\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Program Files\America Online 9.0\aolphx.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\RBM.exe
C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp
C:\Documents and Settings\Vincent Lee\Application Data\Microsoft\Templates\~WRL2664.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL0710.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL0997.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL1135.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL1157.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL1524.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL2395.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL3146.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL3285.tmp
C:\Documents and Settings\Vincent Lee\My Documents\~WRL3696.tmp
C:\Documents and Settings\Vincent Lee\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Ig Nobel Awards - SciFri Podcast - 2.tmp\AlbumArtSmall.jpg
C:\Documents and Settings\Vincent Lee\My Documents\My Music\iTunes\iTunes Music\Downloads\Podcasts\Ig Nobel Awards - SciFri Podcast - 2.tmp\Folder.jpg

Finished

Edited by Vince86, 27 July 2007 - 06:37 PM.




