Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log, Tons Of Virus'


  • This topic is locked This topic is locked
16 replies to this topic

#1 j0eyz

j0eyz

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 06 February 2008 - 01:33 PM

the problem just began a couple days ago, i get random pop ups, it takes a lot longer than usual to load up windows and to load up my desktop icons, sometimes it redirects my page to a blank page, and the ads on some sites arent the same ads that should be shown it gives me my own ads.... and spyware doctor keeps telling me that i have the virtumonde virus and rootkit virus.... im using a new updated mcafee, i used spybot search and destroy, rogue remover pro, and spyware doctor, the doctor said it deleted all of my problems but of course...it didnt....it has been running a little bit better since i ran spyware doctor but i still feel something is wrong, here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:24 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1142209960\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\AOL\1142209960\EE\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011NEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185757757468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteprejyc.html

--
End of file - 9725 bytes

Edited by j0eyz, 06 February 2008 - 01:37 PM.


BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:14 PM

Posted 07 February 2008 - 09:04 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 j0eyz

j0eyz
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 07 February 2008 - 10:21 PM

ok hopefully i did this correct, here is the combofix log, im runnin HJT after i post this and will post that log within a couple minutes

ComboFix 08-02.05.3 - Owner 2008-02-07 22:01:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.561 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\symdnss.sys
C:\Documents and Settings\Owner\Application Data\FunWebProducts
C:\Program Files\Common Files\rteprejyc.html
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Temp\1cb
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\IA
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\symdnss.sys
C:\WINDOWS\system32\dxlkyubs.dll
C:\WINDOWS\system32\emhjnlow.dll
C:\WINDOWS\system32\grdpkscc.dll
C:\WINDOWS\system32\jmffumwt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfnuybsy.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\seqwvpsx.ini
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\teifbpla.dll
C:\WINDOWS\system32\wolnjhme.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\ycattwzv.dllbox
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SYMDNSS
-------\symdnss


((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 18:37 . 2008-02-07 21:35 <DIR> d-------- C:\Program Files\Absolute Poker
2008-02-06 14:31 . 2008-02-06 14:31 <DIR> d-------- C:\Documents and Settings\Owner\PARTYPokerDir
2008-02-06 13:23 . 2008-02-06 13:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-05 22:36 . 2007-05-23 16:58 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-05 22:36 . 2007-05-23 16:58 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-05 22:36 . 2007-05-23 16:58 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-05 22:36 . 2007-05-23 16:58 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-02-05 22:36 . 2007-05-23 16:58 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-05 22:35 . 2008-02-05 22:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-05 22:31 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-05 21:30 . 2008-02-05 21:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-05 21:30 . 2008-02-05 22:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-05 21:19 . 2008-02-05 21:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-02-05 20:13 . 2007-10-30 12:20 360,064 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-02-05 20:13 . 2007-10-30 12:20 360,064 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-02-05 20:06 . 2008-02-05 20:06 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-05 20:00 . 2008-02-05 21:28 <DIR> d-------- C:\Program Files\BitComet
2008-02-05 17:40 . 2008-02-05 17:40 90,688 --a------ C:\WINDOWS\system32\ysbyunfm.dll
2008-02-05 00:13 . 2008-02-05 00:13 <DIR> d-------- C:\Program Files\RogueRemover PRO
2008-02-05 00:13 . 2008-02-05 00:13 2,013 -rah----- C:\WINDOWS\system32\drivers\hosts
2008-02-05 00:12 . 2008-02-06 03:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-05 00:12 . 2008-02-05 00:12 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-05 00:08 . 2008-02-05 00:09 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-02-04 23:46 . 2008-02-04 23:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-02-04 19:03 . 2008-02-04 19:09 <DIR> d-------- C:\Program Files\AOL Companion
2008-02-04 19:02 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-02-04 19:02 . 2004-06-22 12:13 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-02-04 19:01 . 2006-09-23 13:12 1,497,088 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-02-04 18:54 . 2004-06-22 12:13 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-02-04 18:53 . 2008-02-04 19:12 <DIR> d-------- C:\Program Files\AOL 9.0a
2008-02-03 18:45 . 2008-02-07 22:10 12,893 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-03 18:44 . 2008-02-03 18:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-03 18:43 . 2008-02-04 18:45 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-03 18:43 . 2008-02-07 09:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-02-03 18:43 . 2008-02-07 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-03 18:39 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-02-03 18:34 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-03 18:34 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-03 18:34 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-03 18:34 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-03 18:34 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-03 18:32 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-03 18:28 . 2008-02-03 18:29 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-03 18:27 . 2008-02-07 21:50 <DIR> d-------- C:\Program Files\McAfee
2008-02-03 18:27 . 2008-02-03 18:34 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-03 17:32 . 2008-02-03 17:32 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-03 17:28 . 2008-02-04 18:14 <DIR> d-------- C:\WINDOWS\system32\tip4
2008-02-03 17:28 . 2008-02-03 17:59 <DIR> d-------- C:\WINDOWS\system32\rom1
2008-02-03 17:28 . 2008-02-03 23:01 <DIR> d-------- C:\WINDOWS\system32\nGpxx18
2008-02-03 17:28 . 2008-02-03 23:01 <DIR> d-------- C:\WINDOWS\system32\lis6
2008-02-03 17:28 . 2008-02-03 17:28 <DIR> d-------- C:\WINDOWS\system32\kps5
2008-02-03 17:28 . 2008-02-05 01:30 <DIR> d-------- C:\temp\gTiis19
2008-02-03 17:28 . 2008-02-03 17:28 <DIR> d-------- C:\temp\cXzz9
2008-02-02 09:19 . 2008-02-02 09:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-02-02 09:00 . 2003-08-27 10:29 65,536 --a------ C:\WINDOWS\wanmpsvc.exe
2008-01-30 23:45 . 2008-01-31 08:25 <DIR> d-------- C:\Poker
2008-01-29 17:36 . 2008-01-29 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2008-01-29 17:34 . 2008-02-03 21:27 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-01-29 17:33 . 2008-01-29 17:33 <DIR> d-------- C:\MicroGaming
2008-01-28 22:08 . 2008-01-28 22:08 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-28 22:08 . 2008-01-28 22:08 <DIR> d-------- C:\WINDOWS\system\bak
2008-01-28 12:45 . 2008-01-28 12:45 <DIR> d-------- C:\VivoxLogs
2008-01-21 22:35 . 2008-01-29 19:35 <DIR> d-------- C:\Program Files\Snood
2008-01-19 19:10 . 2008-01-29 19:33 <DIR> d-------- C:\Program Files\PokerStars

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 23:37 --------- d-----w C:\Program Files\_uninstallation_info
2008-02-07 23:00 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-06 08:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-06 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-06 03:53 --------- d-----w C:\Program Files\Webroot
2008-02-06 03:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Webroot
2008-02-06 01:27 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-05 04:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-05 04:38 --------- d-----w C:\Program Files\Lx_cats
2008-02-05 02:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 00:01 --------- d-----w C:\Program Files\AOL Toolbar
2008-02-04 23:56 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-04 23:55 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-04 23:54 --------- d-----w C:\Program Files\ParadisePokerNet
2008-02-04 23:53 --------- d-----w C:\Program Files\DivX
2008-02-04 23:28 --------- d-----w C:\Program Files\PartyGaming
2008-02-04 01:53 --------- d-----w C:\Program Files\AOL 9.0
2008-02-03 23:58 --------- d-----w C:\Program Files\QuickTime
2008-02-03 23:58 --------- d-----w C:\Program Files\Lexmark 5400 Series
2008-02-03 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-03 23:25 246 ----a-w C:\Program Files\Common Files\qugataj895
2008-02-03 23:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-03 22:32 278,532 ----a-w C:\WINDOWS\Fonts\Setup.exe
2008-01-30 19:13 --------- d-----w C:\Program Files\AOD
2008-01-30 19:13 --------- d-----w C:\Program Files\AIM
2008-01-30 00:32 --------- d-----w C:\Program Files\Ping Plotter
2008-01-14 06:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-07 03:40 --------- d-----w C:\Documents and Settings\Administrator.THING.000\Application Data\Symantec
2008-01-02 20:50 --------- d-----w C:\Program Files\PTI
2007-12-20 23:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\ICAClient
2007-12-13 03:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2007-12-13 03:55 --------- d-----w C:\Program Files\Street Challenge
2007-12-13 03:54 --------- d-----w C:\Program Files\HLSW
2007-12-13 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-13 01:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-13 01:23 --------- d-----w C:\Program Files\Optimum Online
2007-12-13 01:20 790,528 ----a-w C:\setup32.exe
2007-12-13 01:20 458,752 ----a-w C:\Dist32.dll
2007-12-13 01:20 45,056 ----a-w C:\NetUtils.dll
2007-12-13 01:20 344,064 ----a-w C:\Yampa.exe
2007-12-13 01:20 188,416 ----a-w C:\WINDOWS\xnetsurf.exe
2007-12-13 01:20 135,168 ----a-w C:\DHCPD.exe
2007-12-13 00:13 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2007-12-13 00:07 --------- d-----w C:\Program Files\Citrix
2007-12-12 23:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2007-12-09 13:05 --------- d-----w C:\Program Files\WildTangent
2007-02-10 23:42 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-12-05 14:50 9,250 -c--a-w C:\Program Files\Warez P2P ClientIPGUARD.LOG
2005-03-01 15:12 1,795 -c-h--w C:\Documents and Settings\All Users\Application Data\mssaru.dat
2005-02-14 03:48 32 -csha-w C:\WINDOWS\{C9FC61E7-3017-47D8-BE96-9EDD7516F79E}.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 67,112 2006-08-01 19:35:36 C:\Program Files\AIM\bak\aim.exe
----a-w 67,112 2006-08-01 20:35:36 C:\Program Files\AIM\aim.exe

----a-w 50,736 2007-04-18 06:49:00 C:\Program Files\AOL 9.0\bak\AOL.EXE

-c--a-w 180,269 2005-08-08 01:49:52 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 294,912 2006-07-10 23:30:40 C:\Program Files\Lexmark 5400 Series\bak\fm3032.exe

----a-w 282,624 2007-04-27 13:41:54 C:\Program Files\QuickTime\bak\qttask.exe

-c--a-w 221,184 2003-11-04 00:50:40 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

-c--a-w 52,736 1998-05-08 00:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe

----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe

-c--a-w 81,920 2002-10-16 23:57:10 C:\WINDOWS\system32\bak\ps2.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AA819ED-008C-491D-A40F-4D0C2C0A1134}]
C:\Program Files\Windows NT\metob83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9356cd20-96a8-46be-a577-06388bcf6d7f}]
C:\WINDOWS\system32\hbwnoin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4BB41D0-FABE-4674-94CD-24B3E05DF27F}]
C:\WINDOWS\system32\awtss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6838FB7-F25F-4FDB-932C-8FD4CBCF38DA}]
C:\Program Files\Windows NT\metob4444.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe" [2007-10-08 16:50 41824]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 14:17 78960]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-29 15:41 1053264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmkh]
urqnmkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ycattwzv]
ycattwzv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.THING.000^Start Menu^Programs^Startup^AutoTBar.exe]
path=C:\Documents and Settings\Administrator.THING.000\Start Menu\Programs\Startup\AutoTBar.exe
backup=C:\WINDOWS\pss\AutoTBar.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=C:\WINDOWS\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Epson printer Registration.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Epson printer Registration.lnk
backup=C:\WINDOWS\pss\Epson printer Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Nettalk.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Nettalk.lnk
backup=C:\WINDOWS\pss\Nettalk.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLAspSunset2]
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 15:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\servicesAUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bold dumb]
C:\DOCUME~1\Owner\APPLIC~1\SEEKBO~1\Noun chin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynSite]
C:\Program Files\NoŽl Danjou\DynSite\DynSite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a--c--- 2006-06-06 22:05 98304 C:\Program Files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 12:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-10-08 16:50 41824 C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 12:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-06-28 08:14 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
--a--c--- 2003-07-14 20:52 40960 C:\WINDOWS\ltmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
--a--c--- 2006-06-20 08:37 286720 C:\Program Files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\MSMSGS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a--c--- 2004-04-05 16:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 12:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a--c--- 2003-10-29 10:17 135168 C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 11:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warez]
C:\Program Files\Warez P2P Client\warez.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"BITS"=2 (0x2)
"iPod Service"=3 (0x3)
"ALG"=3 (0x3)

S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\Owner\LOCALS~1\Temp\ewdmaudn.sys []
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet58lx.sys [2004-03-26 13:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 03:00:00 C:\WINDOWS\Tasks\AF31223B912ADC0B.job"
- c:\docume~1\owner\applic~1\seekbo~1\locks ford list.exe
"2008-01-29 01:54:20 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-03 23:30:11 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-03 23:30:09 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 22:11:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\program files\common files\aol\1142209960\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\AOL Companion\companion.exe
.
**************************************************************************
.
Completion time: 2008-02-07 22:18:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 03:18:53
.
2008-01-09 08:03:16 --- E O F ---


here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:33 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\program files\common files\aol\1142209960\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1142209960\EE\aolsoftware.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7AA819ED-008C-491D-A40F-4D0C2C0A1134} - C:\Program Files\Windows NT\metob83122.dll (file missing)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {9356cd20-96a8-46be-a577-06388bcf6d7f} - C:\WINDOWS\system32\hbwnoin.dll (file missing)
O2 - BHO: (no name) - {A4BB41D0-FABE-4674-94CD-24B3E05DF27F} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {C6838FB7-F25F-4FDB-932C-8FD4CBCF38DA} - C:\Program Files\Windows NT\metob4444.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011NEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185757757468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: urqnmkh - urqnmkh.dll (file missing)
O20 - Winlogon Notify: ycattwzv - ycattwzv.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11560 bytes

#4 j0eyz

j0eyz
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 07 February 2008 - 10:25 PM

here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:33 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\program files\common files\aol\1142209960\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1142209960\EE\aolsoftware.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7AA819ED-008C-491D-A40F-4D0C2C0A1134} - C:\Program Files\Windows NT\metob83122.dll (file missing)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {9356cd20-96a8-46be-a577-06388bcf6d7f} - C:\WINDOWS\system32\hbwnoin.dll (file missing)
O2 - BHO: (no name) - {A4BB41D0-FABE-4674-94CD-24B3E05DF27F} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {C6838FB7-F25F-4FDB-932C-8FD4CBCF38DA} - C:\Program Files\Windows NT\metob4444.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm011NEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185757757468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: urqnmkh - urqnmkh.dll (file missing)
O20 - Winlogon Notify: ycattwzv - ycattwzv.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11560 bytes

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:14 PM

Posted 08 February 2008 - 03:51 AM

Hi,

Yes, you did correct..

Next steps now..

I see you have Absolute Poker installed.
If you didn't install it with intension to play with, I suggest you uninstall it, because in most cases, these programs are supported by malware, getting installed without asking for it and also lead you to sites where malware is lurking.
If you do play it, then leave it alone.


* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\Tasks\AF31223B912ADC0B.job
C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
C:\Program Files\Common Files\qugataj895
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\system32\ysbyunfm.dll
C:\WINDOWS\system32\vbzip10.dll

Folder::
C:\DOCUME~1\Owner\APPLIC~1\SEEKBO~1
C:\WINDOWS\system32\tip4
C:\WINDOWS\system32\rom1
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\lis6
C:\WINDOWS\system32\kps5
C:\temp\gTiis19
C:\temp\cXzz9

Driver::
wdmaudn

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BB383206-6DA1-4E80-B62A-3DF950FCC697}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A344D34-5231-452A-8A57-D064AC9B7862}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01010E00-5E80-11D8-9E86-0007E96C65AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01119400-3E00-11D2-8470-0060089874ED}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"=-
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AA819ED-008C-491D-A40F-4D0C2C0A1134}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9356cd20-96a8-46be-a577-06388bcf6d7f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4BB41D0-FABE-4674-94CD-24B3E05DF27F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6838FB7-F25F-4FDB-932C-8FD4CBCF38DA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
"HPHUPD05"=-
"ISTray"=-
"SpySweeper"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmkh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ycattwzv]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bold dumb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\sharedtools\msconfig\startupreg\WhenUSave]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

Also perform next..

* Please download the following file to your desktop:
http://noahdfear.geekstogo.com/FindAWF.exe

Doubleclick FindAWF.exe to start the tool.
Select Option 1 by pressing 1 and then enter. The scan will start and a log will open (awf.txt)
Copy and paste the contents of that log in your next reply as well.

Extra question... I see you tcpip.sys was patched. Are you aware of this? Because some people do patch it for the use of their P2P programs.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 j0eyz

j0eyz
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 08 February 2008 - 07:26 PM

honestly i dont even know what that means being that tcpip.sys is patched i dont know why its patched i really dont know anything about it, would counter strike be considered a P2P program??
anyways here is my combofix and HJT log, i'll post the awf log in a minute

ComboFix 08-02.05.3 - Owner 2008-02-08 19:11:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.279 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\Common Files\qugataj895
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\ysbyunfm.dll
C:\WINDOWS\Tasks\AF31223B912ADC0B.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Owner\APPLIC~1\SEEKBO~1
C:\Program Files\Common Files\qugataj895
C:\temp\cXzz9
C:\temp\gTiis19
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\system32\kps5
C:\WINDOWS\system32\kps5\covstadcom7.exe
C:\WINDOWS\system32\lis6
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\rom1
C:\WINDOWS\system32\tip4
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\ysbyunfm.dll
C:\WINDOWS\Tasks\AF31223B912ADC0B.job

.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-07 21:35 . 2004-08-04 02:56 388,608 --a------ C:\kmd.exe
2008-02-07 18:37 . 2008-02-07 21:35 <DIR> d-------- C:\Program Files\Absolute Poker
2008-02-06 14:31 . 2008-02-06 14:31 <DIR> d-------- C:\Documents and Settings\Owner\PARTYPokerDir
2008-02-06 13:23 . 2008-02-06 13:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-05 22:36 . 2007-05-23 16:58 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-05 22:36 . 2007-05-23 16:58 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-05 22:36 . 2007-05-23 16:58 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-05 22:36 . 2007-05-23 16:58 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-02-05 22:36 . 2007-05-23 16:58 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-05 22:35 . 2008-02-05 22:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-05 22:31 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-05 21:30 . 2008-02-05 21:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-05 21:30 . 2008-02-05 22:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-05 21:19 . 2008-02-05 21:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-02-05 20:13 . 2007-10-30 12:20 360,064 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-02-05 20:13 . 2007-10-30 12:20 360,064 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-02-05 20:06 . 2008-02-05 20:06 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-05 20:00 . 2008-02-05 21:28 <DIR> d-------- C:\Program Files\BitComet
2008-02-05 00:13 . 2008-02-05 00:13 <DIR> d-------- C:\Program Files\RogueRemover PRO
2008-02-05 00:13 . 2008-02-05 00:13 2,013 -rah----- C:\WINDOWS\system32\drivers\hosts
2008-02-05 00:12 . 2008-02-06 03:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-05 00:12 . 2008-02-05 00:12 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-05 00:08 . 2008-02-05 00:09 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-02-04 23:46 . 2008-02-04 23:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-02-04 19:03 . 2008-02-04 19:09 <DIR> d-------- C:\Program Files\AOL Companion
2008-02-04 19:02 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-02-04 19:02 . 2004-06-22 12:13 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-02-04 19:01 . 2006-09-23 13:12 1,497,088 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-02-04 18:54 . 2004-06-22 12:13 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-02-04 18:53 . 2008-02-04 19:12 <DIR> d-------- C:\Program Files\AOL 9.0a
2008-02-03 18:45 . 2008-02-07 22:13 12,893 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-03 18:44 . 2008-02-03 18:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-03 18:43 . 2008-02-04 18:45 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-03 18:43 . 2008-02-07 09:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-02-03 18:43 . 2008-02-08 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-03 18:39 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-02-03 18:34 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-03 18:34 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-03 18:34 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-03 18:34 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-03 18:34 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-03 18:32 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-03 18:28 . 2008-02-03 18:29 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-03 18:27 . 2008-02-07 21:50 <DIR> d-------- C:\Program Files\McAfee
2008-02-03 18:27 . 2008-02-03 18:34 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-02 09:19 . 2008-02-02 09:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-02-02 09:00 . 2003-08-27 10:29 65,536 --a------ C:\WINDOWS\wanmpsvc.exe
2008-01-30 23:45 . 2008-01-31 08:25 <DIR> d-------- C:\Poker
2008-01-29 17:36 . 2008-01-29 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2008-01-29 17:34 . 2008-02-03 21:27 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-01-29 17:33 . 2008-01-29 17:33 <DIR> d-------- C:\MicroGaming
2008-01-28 22:08 . 2008-01-28 22:08 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-28 22:08 . 2008-01-28 22:08 <DIR> d-------- C:\WINDOWS\system\bak
2008-01-28 12:45 . 2008-01-28 12:45 <DIR> d-------- C:\VivoxLogs
2008-01-21 22:35 . 2008-01-29 19:35 <DIR> d-------- C:\Program Files\Snood
2008-01-19 19:10 . 2008-01-29 19:33 <DIR> d-------- C:\Program Files\PokerStars

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 23:37 --------- d-----w C:\Program Files\_uninstallation_info
2008-02-07 23:00 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-06 08:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-06 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-06 03:53 --------- d-----w C:\Program Files\Webroot
2008-02-06 03:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Webroot
2008-02-06 01:27 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-05 04:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-05 04:38 --------- d-----w C:\Program Files\Lx_cats
2008-02-05 02:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 00:01 --------- d-----w C:\Program Files\AOL Toolbar
2008-02-04 23:56 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-04 23:55 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-04 23:54 --------- d-----w C:\Program Files\ParadisePokerNet
2008-02-04 23:53 --------- d-----w C:\Program Files\DivX
2008-02-04 23:28 --------- d-----w C:\Program Files\PartyGaming
2008-02-04 01:53 --------- d-----w C:\Program Files\AOL 9.0
2008-02-03 23:58 --------- d-----w C:\Program Files\QuickTime
2008-02-03 23:58 --------- d-----w C:\Program Files\Lexmark 5400 Series
2008-02-03 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-03 23:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-30 19:13 --------- d-----w C:\Program Files\AOD
2008-01-30 19:13 --------- d-----w C:\Program Files\AIM
2008-01-30 00:32 --------- d-----w C:\Program Files\Ping Plotter
2008-01-14 06:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-07 03:40 --------- d-----w C:\Documents and Settings\Administrator.THING.000\Application Data\Symantec
2008-01-02 20:50 --------- d-----w C:\Program Files\PTI
2007-12-20 23:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\ICAClient
2007-12-13 03:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2007-12-13 03:55 --------- d-----w C:\Program Files\Street Challenge
2007-12-13 03:54 --------- d-----w C:\Program Files\HLSW
2007-12-13 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-13 01:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-13 01:23 --------- d-----w C:\Program Files\Optimum Online
2007-12-13 01:20 790,528 ----a-w C:\setup32.exe
2007-12-13 01:20 458,752 ----a-w C:\Dist32.dll
2007-12-13 01:20 45,056 ----a-w C:\NetUtils.dll
2007-12-13 01:20 344,064 ----a-w C:\Yampa.exe
2007-12-13 01:20 188,416 ----a-w C:\WINDOWS\xnetsurf.exe
2007-12-13 01:20 135,168 ----a-w C:\DHCPD.exe
2007-12-13 00:13 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2007-12-13 00:07 --------- d-----w C:\Program Files\Citrix
2007-12-12 23:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2007-12-09 13:05 --------- d-----w C:\Program Files\WildTangent
2007-02-10 23:42 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2005-12-05 14:50 9,250 -c--a-w C:\Program Files\Warez P2P ClientIPGUARD.LOG
2005-03-01 15:12 1,795 -c-h--w C:\Documents and Settings\All Users\Application Data\mssaru.dat
2005-02-14 03:48 32 -csha-w C:\WINDOWS\{C9FC61E7-3017-47D8-BE96-9EDD7516F79E}.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 67,112 2006-08-01 19:35:36 C:\Program Files\AIM\bak\aim.exe
----a-w 67,112 2006-08-01 20:35:36 C:\Program Files\AIM\aim.exe

----a-w 50,736 2007-04-18 06:49:00 C:\Program Files\AOL 9.0\bak\AOL.EXE

-c--a-w 180,269 2005-08-08 01:49:52 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 294,912 2006-07-10 23:30:40 C:\Program Files\Lexmark 5400 Series\bak\fm3032.exe

----a-w 282,624 2007-04-27 13:41:54 C:\Program Files\QuickTime\bak\qttask.exe

-c--a-w 221,184 2003-11-04 00:50:40 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

-c--a-w 52,736 1998-05-08 00:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe

----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe

-c--a-w 81,920 2002-10-16 23:57:10 C:\WINDOWS\system32\bak\ps2.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AA819ED-008C-491D-A40F-4D0C2C0A1134}]
C:\Program Files\Windows NT\metob83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9356cd20-96a8-46be-a577-06388bcf6d7f}]
C:\WINDOWS\system32\hbwnoin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6838FB7-F25F-4FDB-932C-8FD4CBCF38DA}]
C:\Program Files\Windows NT\metob4444.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe" [2007-10-08 16:50 41824]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 14:17 78960]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-29 15:41 1053264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmkh]
urqnmkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ycattwzv]
ycattwzv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.THING.000^Start Menu^Programs^Startup^AutoTBar.exe]
path=C:\Documents and Settings\Administrator.THING.000\Start Menu\Programs\Startup\AutoTBar.exe
backup=C:\WINDOWS\pss\AutoTBar.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=C:\WINDOWS\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Epson printer Registration.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Epson printer Registration.lnk
backup=C:\WINDOWS\pss\Epson printer Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Nettalk.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Nettalk.lnk
backup=C:\WINDOWS\pss\Nettalk.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLAspSunset2]
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 15:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\servicesAUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bold dumb]
C:\DOCUME~1\Owner\APPLIC~1\SEEKBO~1\Noun chin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynSite]
C:\Program Files\NoŽl Danjou\DynSite\DynSite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a--c--- 2006-06-06 22:05 98304 C:\Program Files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 12:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-10-08 16:50 41824 C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 12:57 1103480 C:\Program Files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-06-28 08:14 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
--a--c--- 2003-07-14 20:52 40960 C:\WINDOWS\ltmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
--a--c--- 2006-06-20 08:37 286720 C:\Program Files\Lexmark 5400 Series\lxctmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\MSMSGS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a--c--- 2004-04-05 16:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 12:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a--c--- 2003-10-29 10:17 135168 C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 11:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warez]
C:\Program Files\Warez P2P Client\warez.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"BITS"=2 (0x2)
"iPod Service"=3 (0x3)
"ALG"=3 (0x3)

S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\Owner\LOCALS~1\Temp\ewdmaudn.sys []
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINDOWS\system32\DRIVERS\vnet58lx.sys [2004-03-26 13:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 01:54:20 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-02-03 23:30:11 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-03 23:30:09 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 19:18:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 19:20:46
ComboFix-quarantined-files.txt 2008-02-09 00:20:37
ComboFix2.txt 2008-02-08 03:18:58
.
2008-01-09 08:03:16 --- E O F ---








HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:38 PM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
c:\program files\common files\aol\1142209960\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1142209960\EE\aolsoftware.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Valve\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185757757468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9505 bytes

#7 j0eyz

j0eyz
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 08 February 2008 - 07:33 PM

here is the awf file, when it first started running i got an error message about a missing registry file or something but i clicked ignore becuase it wouldn't run without me ignoring it


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Fri 02/08/2008
The current time is: 19:27:27.81


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM\BAK

08/01/2006 02:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\AOL9~1.0\BAK

04/18/2007 01:49 AM 50,736 AOL.EXE
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

07/10/2006 06:30 PM 294,912 fm3032.exe
1 File(s) 294,912 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SMINST\BAK

11/03/2003 07:50 PM 221,184 RECGUARD.EXE
1 File(s) 221,184 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 07:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
10/16/2002 06:57 PM 81,920 ps2.exe
2 File(s) 97,280 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\{45B61~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\WT\UPDATER\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

08/07/2005 08:49 PM 180,269 realsched.exe
1 File(s) 180,269 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

4466776 Mar 12 2006 "C:\AOL Instant Messenger\AIM.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
38000 Jun 22 2004 "C:\Program Files\AOL 9.0a\aol.exe"
50736 Apr 18 2007 "C:\Program Files\AOL 9.0\bak\AOL.EXE"
294912 Jul 10 2006 "C:\Program Files\Lexmark 5400 Series\bak\fm3032.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
221184 Nov 3 2003 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
81920 Oct 16 2002 "C:\hp\drivers\keyboard\PS2.EXE"
81920 Oct 16 2002 "C:\WINDOWS\system32\bak\ps2.exe"
180269 Aug 7 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"


end of report

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:14 PM

Posted 09 February 2008 - 01:10 AM

Hi,

honestly i dont even know what that means being that tcpip.sys is patched i dont know why its patched i really dont know anything about it, would counter strike be considered a P2P program??

It should be your Bitcomet that patched it. Found the info here: http://forums.bitcomet.com/index.php?showtopic=12788614
So don't worry here. :thumbsup:

* Start FindAWF.exe
Select option 2 by pressing 2 and then enter. A text file will open (files.txt).
In that files.txt, copy & paste next list of files to be restored:

"C:\Program Files\AOL 9.0\bak\AOL.EXE"
"C:\Program Files\Lexmark 5400 Series\bak\fm3032.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\WINDOWS\system\bak\hpsysdrv.exe"
"C:\WINDOWS\system32\bak\ps2.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"


Close the files.txt and click Yes to save the changes.
FindAWF wil now terminate the bad processes if running, delete the bad files and restore/replace them with the good files.
Then it will open a log. Copy and paste the contents of that log in your next reply
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 j0eyz

j0eyz
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 10 February 2008 - 06:47 PM

let's see if this worked


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Sun 02/10/2008
The current time is: 18:39:28.22


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM\BAK

08/01/2006 02:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\AOL9~1.0\BAK

04/18/2007 01:49 AM 50,736 AOL.EXE
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

07/10/2006 06:30 PM 294,912 fm3032.exe
1 File(s) 294,912 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SMINST\BAK

11/03/2003 07:50 PM 221,184 RECGUARD.EXE
1 File(s) 221,184 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 07:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
10/16/2002 06:57 PM 81,920 ps2.exe
2 File(s) 97,280 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\{45B61~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\WT\UPDATER\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

08/07/2005 08:49 PM 180,269 realsched.exe
1 File(s) 180,269 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

4466776 Mar 12 2006 "C:\AOL Instant Messenger\AIM.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
50736 Apr 18 2007 "C:\Program Files\AOL 9.0\AOL.EXE"
38000 Jun 22 2004 "C:\Program Files\AOL 9.0a\aol.exe"
50736 Apr 18 2007 "C:\Program Files\AOL 9.0\bak\AOL.EXE"
294912 Jul 10 2006 "C:\Program Files\Lexmark 5400 Series\fm3032.exe"
294912 Jul 10 2006 "C:\Program Files\Lexmark 5400 Series\bak\fm3032.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
221184 Nov 3 2003 "C:\WINDOWS\SMINST\RECGUARD.EXE"
221184 Nov 3 2003 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
81920 Oct 16 2002 "C:\WINDOWS\system32\ps2.exe"
81920 Oct 16 2002 "C:\hp\drivers\keyboard\PS2.EXE"
81920 Oct 16 2002 "C:\WINDOWS\system32\bak\ps2.exe"
180269 Aug 7 2005 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Aug 7 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"


end of report

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:14 PM

Posted 11 February 2008 - 03:26 AM

Hi,

In FindAWF, select option 3, by pressing 3 and then enter.
This will open the text file folders.txt
Copy and paste next list in it:

C:\Program Files\AIM\bak
C:\Program Files\AOL 9.0\bak
C:\Program Files\Lexmark 5400 Series\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\SMINST\bak
C:\WINDOWS\system32\bak
C:\Program Files\Common Files\Real\Update_OB\bak


Then close folders.txt and let it save the changes.
FindAWF will now remove the bak folders and open a log aferwards.
Copy and paste the contents of that log in your next reply
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 j0eyz

j0eyz
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 13 February 2008 - 01:20 AM

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2008-02-13
The current time is: 1:15:24.03


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\SYSTEM\BAK

1998-05-07 19:04 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\{45B61~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\WT\UPDATER\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"


end of report

#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:14 PM

Posted 13 February 2008 - 02:52 AM

Hi,

Only one bak folder remains, but that's OK since it contains legitimate files :thumbsup:

* Now, in FindAWF, select option 4 and enter.
When done, Press E then Enter to EXIT.

Copy and paste a new HijackThislog in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 j0eyz

j0eyz
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 13 February 2008 - 06:09 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:10, on 2008-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1142209960\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1142209960\EE\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AOL Companion\companion.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142209960\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185757757468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: McAfee Application Installer Cleanup (0014151202899520) (0014151202899520mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\001415~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9801 bytes

#14 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:14 PM

Posted 13 February 2008 - 06:15 PM

Hi,

This looks OK again.

How are things now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 j0eyz

j0eyz
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 14 February 2008 - 09:09 AM

the computer is runnin a lot better thanks to you, now i can go back to playing my online poker :thumbsup:

ps. i promise you if i make some money in poker i will send you a donation, im just a little broke right now ;)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users