BleepingComputer.com forums

Fighting Vundo / Cryp_tap-2


23 replies to this topic

#1 Indigoblue47

Posted 28 March 2008 - 11:49 AM

Reference my thread in the "Windows XP Home and Professional" forum: "Completely in the weeds after running ComboFix.exe"
I have performed all the steps in "Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer"
There are no spyware/malware items being detected now by AVERT, SpyBot Search & Destroy, Adaware, SuperAntiSpyware.
I am running Zone Alarm Free for a firewall.
Still, when I start Windows I see two RUNDLL error messages. I am attaching a screenshot of the error messages.
Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25, on 2008-03-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?ie=UTF-8&...p;tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {66670974-46d7-88d8-dc64-9ed5a8db0353} - {3530bd8a-5de9-46cd-8d88-7d6447907666} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CF3FC4E8-8132-4D99-B43D-AEC175D64E8B} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [90246839] rundll32.exe "C:\WINDOWS\system32\aqlccyme.dll",b
O4 - HKLM\..\Run: [BM93175ba5] Rundll32.exe "C:\WINDOWS\system32\kediwiab.dll",s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sysctrls] win32dll.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095356385820
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140705516671
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.1.45/activex/AMC.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://218.4.98.114/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = datastrip.net
O17 - HKLM\Software\..\Telephony: DomainName = datastrip.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = datastrip.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = datastrip.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkhgee - jkkhgee.dll (file missing)
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9631 bytes

Can you suggest a way to get rid of the errors?
Thanks!


#2 DASOS (Malware hunter, Security Colleague)

Posted 31 March 2008 - 12:44 PM

Hi Indigoblue47


Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.


Please run HijackThis again, click scan, and put a checkmark next to each of the lines listed below, if still present:

O2 - BHO: {66670974-46d7-88d8-dc64-9ed5a8db0353} - {3530bd8a-5de9-46cd-8d88-7d6447907666} - (no file)
O2 - BHO: (no name) - {CF3FC4E8-8132-4D99-B43D-AEC175D64E8B} - (no file)
O4 - HKLM\..\Run: [90246839] rundll32.exe "C:\WINDOWS\system32\aqlccyme.dll",b
O4 - HKLM\..\Run: [BM93175ba5] Rundll32.exe "C:\WINDOWS\system32\kediwiab.dll",s
O4 - HKCU\..\Run: [Sysctrls] win32dll.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O20 - Winlogon Notify: jkkhgee - jkkhgee.dll (file missing)
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)



Then close all other windows—you should only see Hijack This on your Desktop—and click the Fix Checked button, and EXIT Hijack This.


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe



You are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer:

Avast - How to Install, Configure, and Use

AVG Anti-Virus Free - AVG Anti-Virus Free User Manual

Active Virus Shield - How to Install, Configure, and Use


Install it and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.


Please post back:

The vundofix.txt
The SDFix report
A new HiJackThis log
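The entries DASOS asks to have fixed share a few patterns that can be checked mechanically before a log is posted: an O4 autorun that calls rundll32 on a random-named DLL in system32 with a one-letter export (the entry that raises the RUNDLL error once the DLL itself has been deleted), an O4 that names a bare executable with no path, O2/O9 CLSIDs whose file is gone, O20 Winlogon Notify packages whose DLL is missing, and an O16 ActiveX control fetched from a raw IP address. The script below is an added example, not code from this thread, HijackThis, VundoFix or SDFix; the rule set is my own assumption about what deserves a second look, and the sample lines are constructed from the log posted above.

```python
"""Triage heuristics for HijackThis-style log lines (added example).

The rules here are my own assumptions about what is worth a second look in
a log like the one posted above; they are not HijackThis, VundoFix or SDFix
logic.  SAMPLE_LOG is constructed from lines in the thread's own log.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, offending line)

RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)', re.I)
RANDOM_DLL_RE = re.compile(r'^[a-z]{6,10}\.dll$', re.I)   # e.g. aqlccyme.dll, kediwiab.dll
O4_CMD_RE = re.compile(r'^O4 - [^:]+: \[[^\]]*\]\s*(.*)$')
O16_URL_RE = re.compile(r'^O16 - DPF:.* - (\S+)$')
IP_HOST_RE = re.compile(r'^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)', re.I)

# Constructed sample: a few benign and suspicious lines taken from the thread's log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {66670974-46d7-88d8-dc64-9ed5a8db0353} - {3530bd8a-5de9-46cd-8d88-7d6447907666} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [90246839] rundll32.exe "C:\WINDOWS\system32\aqlccyme.dll",b
O4 - HKLM\..\Run: [BM93175ba5] Rundll32.exe "C:\WINDOWS\system32\kediwiab.dll",s
O4 - HKCU\..\Run: [Sysctrls] win32dll.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://218.4.98.114/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkhgee - jkkhgee.dll (file missing)
"""


def _executable_of(cmd: str) -> str:
    """Return the program part of an O4 command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def triage_line(line: str) -> List[Finding]:
    """Apply the heuristics to one log line and return zero or more findings."""
    line = line.rstrip()
    found: List[Finding] = []

    # Orphaned BHO / IE button: CLSID still registered, DLL already gone.
    if line.startswith(("O2 - ", "O9 - ")) and line.endswith("(no file)"):
        found.append(("MEDIUM", "CLSID is registered but its DLL is gone (orphaned BHO/button)", line))

    m = O4_CMD_RE.match(line)
    if m:
        cmd = m.group(1)
        r = RUNDLL_RE.search(cmd)
        if r:
            dll, export = r.group(1), r.group(2)
            base = dll.rsplit("\\", 1)[-1]
            in_sys32 = "\\system32\\" in dll.lower()
            if (in_sys32 and RANDOM_DLL_RE.match(base)) or len(export) == 1:
                found.append(("HIGH", "rundll32 autorun pointing at a random-named system32 DLL or a "
                                      "one-letter export (Vundo-style; once the DLL is gone this entry "
                                      "is what raises the RUNDLL error at logon)", line))
        else:
            exe = _executable_of(cmd)
            if exe and "\\" not in exe and ":" not in exe and not exe.startswith("%"):
                found.append(("MEDIUM", "autorun names a bare executable with no path; it is resolved "
                                        "through the search path, so locate and verify the file", line))

    # Winlogon Notify registration that outlived its DLL.
    if line.startswith("O20 - ") and "(file missing)" in line:
        found.append(("HIGH", "Winlogon Notify package whose DLL no longer exists; random names "
                              "here are typical of the Vundo family, remove the registration", line))

    # ActiveX control whose download origin is a raw IP rather than a hostname.
    u = O16_URL_RE.match(line)
    if u and IP_HOST_RE.match(u.group(1)):
        found.append(("MEDIUM", "ActiveX control was downloaded from a bare IP address; confirm it "
                                "is a device you own before trusting it", line))
    return found


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every non-empty line of a log."""
    return [f for ln in text.splitlines() if ln.strip() for f in triage_line(ln)]


if __name__ == "__main__":
    for sev, why, ln in triage_log(SAMPLE_LOG):
        print(f"[{sev}] {why}\n    {ln}")
```

Run it against a saved hijackthis.log in place of SAMPLE_LOG; the HIGH findings on the sample are exactly the three lines that cause the startup errors and the leftover Winlogon hook, while the Adobe BHO, the Windows Defender autorun and the SUPERAntiSpyware notify package produce nothing. The heuristics are deliberately loose (a legitimate vendor can ship an unqualified autorun name, and a private camera on a LAN address is a perfectly normal O16 source), so treat MEDIUM as "go and look", not "delete".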

#3 Indigoblue47 (Topic Starter)

Posted 01 April 2008 - 02:04 PM

OK- I ran HijackThis and removed the items indicated.
Then I ran VundoFix.
This is the VundoFix log:


VundoFix V7.0.3

Scan started at 14:40:56 2008-04-01

Listing files found while scanning....

No infected files were found.

I re-ran HijackThis.
This is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58, on 2008-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\OrCAD\OrCAD_15.7i\tools\bin\cdsNameServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?ie=UTF-8&...p;tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095356385820
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140705516671
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.1.45/activex/AMC.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://218.4.98.114/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = datastrip.net
O17 - HKLM\Software\..\Telephony: DomainName = datastrip.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = datastrip.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = datastrip.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9933 bytes


I will now run SDFix

#4 Indigoblue47 (Topic Starter)

Posted 01 April 2008 - 02:37 PM

OK-
I ran SDFix.
Here is the report:

SDFix: Version 1.165

Run by MDoyle on Tue 04/01/2008 at 03:15 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NERO-8~1.EXE - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 15:25:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a52a938]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a5983f0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a598560]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a598563]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a52a938]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a5983f0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a598560]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a598563]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000008b
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F2EC09A-C097-9B5B-7B18-D5E278059401}]
"iaijcblonnomjnacac"=hex:6a,61,6d,69,65,62,65,62,64,65,61,62,68,66,6b,69,6d,6a,6e,61,00,..
"hakjeocbgiaiclgo"=hex:6a,61,6d,69,65,62,65,62,64,65,61,62,68,66,6b,69,6d,6a,6e,61,00,..
"iamkihadodhdaemmaa"=hex:63,61,64,69,64,62,00,7c

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\CUseeMe Networks Shared\\CUCore.exe"="C:\\Program Files\\Common Files\\CUseeMe Networks Shared\\CUCore.exe:*:Enabled:Core Server"
"C:\\OrCAD\\OrCAD_10.0i\\tools\\bin\\cdsMsgServer.exe"="C:\\OrCAD\\OrCAD_10.0i\\tools\\bin\\cdsMsgServer.exe:*:Enabled:cdsMsgServer"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\CU-SeeMe\\cuseem32.exe"="C:\\Program Files\\CU-SeeMe\\cuseem32.exe:*:Enabled:32-Bit CU-SeeMe for Windows 95/Windows NT"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
"C:\\OrCAD\\OrCAD_10.0i\\tools\\bin\\cdsNameServer.exe"="C:\\OrCAD\\OrCAD_10.0i\\tools\\bin\\cdsNameServer.exe:*:Disabled:cdsNameServer"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\OrCAD\\OrCAD_10.3i\\tools\\bin\\cdsMsgServer.exe"="C:\\OrCAD\\OrCAD_10.3i\\tools\\bin\\cdsMsgServer.exe:*:Disabled:cdsMsgServer"
"C:\\orcad\\OrCAD_10.3i\\tools\\bin\\cdsNameServer.exe"="C:\\orcad\\OrCAD_10.3i\\tools\\bin\\cdsNameServer.exe:*:Disabled:cdsNameServer"
"C:\\Program Files\\D4\\D4.exe"="C:\\Program Files\\D4\\D4.exe:*:Enabled:Dimension 4"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\OrCAD\\OrCAD_15.7i\\updates.exe"="C:\\OrCAD\\OrCAD_15.7i\\updates.exe:*:Enabled:updates (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsdoc.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsdoc.exe:*:Enabled:cdsdoc (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsinfo.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsinfo.exe:*:Enabled:cdsinfo (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsmps.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsmps.exe:*:Enabled:cdsmps (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsMsgServer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsMsgServer.exe:*:Enabled:cdsMsgServer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsNameServer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsNameServer.exe:*:Enabled:cdsNameServer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsOaPathUtil.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsOaPathUtil.exe:*:Enabled:cdsOaPathUtil (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsRemshClient.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsRemshClient.exe:*:Enabled:cdsRemshClient (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsRunHidden.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsRunHidden.exe:*:Enabled:cdsRunHidden (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsUnzip.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsUnzip.exe:*:Enabled:cdsUnzip (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdswhich.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdswhich.exe:*:Enabled:cdswhich (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsZip.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsZip.exe:*:Enabled:cdsZip (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cds_root.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cds_root.exe:*:Enabled:cds_root (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clsAdminTool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clsAdminTool.exe:*:Enabled:clsAdminTool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clsbd.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clsbd.exe:*:Enabled:clsbd (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clu.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clu.exe:*:Enabled:clu (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\dregprint.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\dregprint.exe:*:Enabled:dregprint (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\emsMkError.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\emsMkError.exe:*:Enabled:emsMkError (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\mpsinfo.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\mpsinfo.exe:*:Enabled:mpsinfo (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\msgHelp.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\msgHelp.exe:*:Enabled:msgHelp (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\nmp.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\nmp.exe:*:Enabled:nmp (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\nmppath.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\nmppath.exe:*:Enabled:nmppath (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\obServer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\obServer.exe:*:Enabled:obServer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\van.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\van.exe:*:Enabled:van (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\versionviewer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\versionviewer.exe:*:Enabled:versionviewer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\capture.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\capture.exe:*:Enabled:capture (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\comp16.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\comp16.exe:*:Enabled:comp16 (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pcadi.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pcadi.exe:*:Enabled:pcadi (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pspiceexplorersrvr.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pstswp.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pstswp.exe:*:Enabled:pstswp (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\regsvr32.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\sch2cap.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\sch2cap.exe:*:Enabled:sch2cap (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\SETBROWS.EXE"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\SETBROWS.EXE:*:Enabled:SETBROWS (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\tutorial\\CAPTUTOR.EXE"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\tutorial\\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\cdsdoc\\bin\\obServer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\cdsdoc\\bin\\obServer.exe:*:Enabled:obServer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\fet\\bin\\mkdefcfg.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\fet\\bin\\mkdefcfg.exe:*:Enabled:mkdefcfg (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\fet\\bin\\versiontool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\fet\\bin\\versiontool.exe:*:Enabled:versiontool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\java.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\java.exe:*:Enabled:java (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\javaw.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\javaw.exe:*:Enabled:javaw (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jpicpl32.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jpicpl32.exe:*:Enabled:jpicpl32 (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jucheck.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jucheck.exe:*:Enabled:jucheck (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jusched.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jusched.exe:*:Enabled:jusched (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\keytool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\keytool.exe:*:Enabled:keytool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\kinit.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\kinit.exe:*:Enabled:kinit (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\klist.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\klist.exe:*:Enabled:klist (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\ktab.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\ktab.exe:*:Enabled:ktab (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\orbd.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\orbd.exe:*:Enabled:orbd (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\policytool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\policytool.exe:*:Enabled:policytool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\rmid.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\rmid.exe:*:Enabled:rmid (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\rmiregistry.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\rmiregistry.exe:*:Enabled:rmiregistry (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\servertool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\servertool.exe:*:Enabled:servertool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\tnameserv.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\tnameserv.exe:*:Enabled:tnameserv (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\javaws\\javaws.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\javaws\\javaws.exe:*:Enabled:javaws (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\pspice\\pspiceexplorersrvr.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\pspice\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\bin\\cdsdocIndexer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\merge.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\merge.exe:*:Enabled:merge (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\mkvdk.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\mkvdk.exe:*:Enabled:mkvdk (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\search.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\search.exe:*:Enabled:search (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\setup.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\setup.exe:*:Enabled:setup (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\v_uninst.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\v_uninst.exe:*:Enabled:v_uninst (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\callback.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\callback.exe:*:Enabled:callback (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\filter.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\filter.exe:*:Enabled:filter (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\htmlini.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\htmlini.exe:*:Enabled:htmlini (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\htmserv.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\htmserv.exe:*:Enabled:htmserv (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\index.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\index.exe:*:Enabled:index (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\jstree.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\jstree.exe:*:Enabled:jstree (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\jvtree.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\jvtree.exe:*:Enabled:jvtree (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\kvoop.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\kvoop.exe:*:Enabled:kvoop (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\regsvr32.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\summary.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\summary.exe:*:Enabled:summary (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe:*:Enabled:amovie (Release OrCAD 15.7i)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\CUseeMe Networks Shared\\CUCore.exe"="C:\\Program Files\\Common Files\\CUseeMe Networks Shared\\CUCore.exe:*:Enabled:Core Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\iVisit\\iVisit.exe"="C:\\Program Files\\iVisit\\iVisit.exe:*:Enabled: iVisit "
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windowsr NetMeetingr"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Java\\jre1.5.0_06\\launch4j-tmp\\ashcast.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\launch4j-tmp\\ashcast.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\D4\\D4.exe"="C:\\Program Files\\D4\\D4.exe:*:Enabled:Dimension 4"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.5.0_05\\launch4j-tmp\\ashcast.exe"="C:\\Program Files\\Java\\jre1.5.0_05\\launch4j-tmp\\ashcast.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Documents and Settings\\MDoyle\\Desktop\\Cindy\\Cindy-0.2.60\\Cindy.exe"="C:\\Documents and Settings\\MDoyle\\Desktop\\Cindy\\Cindy-0.2.60\\Cindy.exe:*:Enabled: "
"C:\\Documents and Settings\\MDoyle\\My Documents\\Zips\\Cindy\\Cindy-0.2.60\\Cindy.exe"="C:\\Documents and Settings\\MDoyle\\My Documents\\Zips\\Cindy\\Cindy-0.2.60\\Cindy.exe:*:Enabled: "
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:Paltalk Messenger 8.3"
"C:\\Program Files\\nanoCom Corporation\\iSpQ VideoChat\\iSpQVideoChat8.exe"="C:\\Program Files\\nanoCom Corporation\\iSpQ VideoChat\\iSpQVideoChat8.exe:*:Enabled:Video chat software for desktop computers."
"C:\\Program Files\\icuii\\ICUII5.exe"="C:\\Program Files\\icuii\\ICUII5.exe:*:Enabled:ICUII Video Chat Client"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Outlawradio\\mirc.exe"="C:\\Outlawradio\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_08\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\BlueBot\\mirc.exe"="C:\\Program Files\\BlueBot\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\MDoyle\\My Documents\\Zips\\mIRC\\Ivanna's mIRC\\Mirc.exe"="C:\\Documents and Settings\\MDoyle\\My Documents\\Zips\\mIRC\\Ivanna's mIRC\\Mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\mirc.exe"="C:\\mirc.exe:*:Enabled:mIRC"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Java\\jre1.5.0_10\\launch4j-tmp\\ashcast.exe"="C:\\Program Files\\Java\\jre1.5.0_10\\launch4j-tmp\\ashcast.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\OrCAD\\OrCAD_15.7i\\updates.exe"="C:\\OrCAD\\OrCAD_15.7i\\updates.exe:*:Enabled:updates (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsdoc.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsdoc.exe:*:Enabled:cdsdoc (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsinfo.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsinfo.exe:*:Enabled:cdsinfo (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsmps.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsmps.exe:*:Enabled:cdsmps (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsMsgServer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsMsgServer.exe:*:Enabled:cdsMsgServer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsNameServer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsNameServer.exe:*:Enabled:cdsNameServer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsOaPathUtil.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsOaPathUtil.exe:*:Enabled:cdsOaPathUtil (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsRemshClient.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsRemshClient.exe:*:Enabled:cdsRemshClient (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsRunHidden.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsRunHidden.exe:*:Enabled:cdsRunHidden (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsUnzip.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsUnzip.exe:*:Enabled:cdsUnzip (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdswhich.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdswhich.exe:*:Enabled:cdswhich (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsZip.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cdsZip.exe:*:Enabled:cdsZip (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cds_root.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\cds_root.exe:*:Enabled:cds_root (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clsAdminTool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clsAdminTool.exe:*:Enabled:clsAdminTool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clsbd.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clsbd.exe:*:Enabled:clsbd (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clu.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\clu.exe:*:Enabled:clu (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\dregprint.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\dregprint.exe:*:Enabled:dregprint (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\emsMkError.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\emsMkError.exe:*:Enabled:emsMkError (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\mpsinfo.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\mpsinfo.exe:*:Enabled:mpsinfo (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\msgHelp.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\msgHelp.exe:*:Enabled:msgHelp (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\nmp.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\nmp.exe:*:Enabled:nmp (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\nmppath.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\nmppath.exe:*:Enabled:nmppath (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\obServer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\obServer.exe:*:Enabled:obServer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\van.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\van.exe:*:Enabled:van (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\versionviewer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\bin\\versionviewer.exe:*:Enabled:versionviewer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\capture.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\capture.exe:*:Enabled:capture (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\comp16.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\comp16.exe:*:Enabled:comp16 (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pcadi.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pcadi.exe:*:Enabled:pcadi (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pspiceexplorersrvr.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pstswp.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\pstswp.exe:*:Enabled:pstswp (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\regsvr32.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\sch2cap.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\sch2cap.exe:*:Enabled:sch2cap (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\SETBROWS.EXE"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\SETBROWS.EXE:*:Enabled:SETBROWS (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\tutorial\\CAPTUTOR.EXE"="C:\\OrCAD\\OrCAD_15.7i\\tools\\capture\\tutorial\\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\cdsdoc\\bin\\obServer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\cdsdoc\\bin\\obServer.exe:*:Enabled:obServer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\fet\\bin\\mkdefcfg.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\fet\\bin\\mkdefcfg.exe:*:Enabled:mkdefcfg (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\fet\\bin\\versiontool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\fet\\bin\\versiontool.exe:*:Enabled:versiontool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\java.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\java.exe:*:Enabled:java (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\javaw.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\javaw.exe:*:Enabled:javaw (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jpicpl32.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jpicpl32.exe:*:Enabled:jpicpl32 (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jucheck.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jucheck.exe:*:Enabled:jucheck (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jusched.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\jusched.exe:*:Enabled:jusched (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\keytool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\keytool.exe:*:Enabled:keytool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\kinit.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\kinit.exe:*:Enabled:kinit (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\klist.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\klist.exe:*:Enabled:klist (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\ktab.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\ktab.exe:*:Enabled:ktab (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\orbd.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\orbd.exe:*:Enabled:orbd (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\policytool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\policytool.exe:*:Enabled:policytool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\rmid.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\rmid.exe:*:Enabled:rmid (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\rmiregistry.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\rmiregistry.exe:*:Enabled:rmiregistry (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\servertool.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\servertool.exe:*:Enabled:servertool (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\tnameserv.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\bin\\tnameserv.exe:*:Enabled:tnameserv (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\javaws\\javaws.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\jre\\javaws\\javaws.exe:*:Enabled:javaws (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\pspice\\pspiceexplorersrvr.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\pspice\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\bin\\cdsdocIndexer.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\merge.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\merge.exe:*:Enabled:merge (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\mkvdk.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\mkvdk.exe:*:Enabled:mkvdk (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\search.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\search.exe:*:Enabled:search (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\setup.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\setup.exe:*:Enabled:setup (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\v_uninst.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\bin\\v_uninst.exe:*:Enabled:v_uninst (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\callback.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\callback.exe:*:Enabled:callback (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\filter.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\filter.exe:*:Enabled:filter (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\htmlini.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\htmlini.exe:*:Enabled:htmlini (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\htmserv.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\htmserv.exe:*:Enabled:htmserv (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\index.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\index.exe:*:Enabled:index (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\jstree.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\jstree.exe:*:Enabled:jstree (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\jvtree.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\jvtree.exe:*:Enabled:jvtree (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\kvoop.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\kvoop.exe:*:Enabled:kvoop (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\regsvr32.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\regsvr32.exe:*:Enabled:regsvr32 (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\summary.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\summary.exe:*:Enabled:summary (Release OrCAD 15.7i)"
"C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe"="C:\\OrCAD\\OrCAD_15.7i\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe:*:Enabled:amovie (Release OrCAD 15.7i)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\JmMirc\\Mirc.exe"="C:\\JmMirc\\Mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1a\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1a\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1a\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP1a\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\mIRC63\\mIRC\\mirc.exe"="C:\\mIRC63\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 25 Apr 2007 5 ...H. --- "C:\eam58.exe"
Wed 25 Apr 2007 5 ...H. --- "C:\Wck49.com"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 7 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 2 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 25 Oct 2002 49,152 A..H. --- "C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll"
Mon 5 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 9 Mar 2005 6,358 A..H. --- "C:\Documents and Settings\MDoyle\Application Data\Microsoft\Office\Shortcut Bar\Off396.tmp"
Thu 9 Feb 2006 6,238,208 ...H. --- "C:\Documents and Settings\MDoyle\My Documents\Datastrip\Compliance\DSVII\DSVII User Manuals\~WRL2866.tmp"
Fri 19 Nov 2004 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!

Here is another HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32, on 2008-04-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?ie=UTF-8&...p;tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095356385820
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140705516671
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.1.45/activex/AMC.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://218.4.98.114/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = datastrip.net
O17 - HKLM\Software\..\Telephony: DomainName = datastrip.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = datastrip.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = datastrip.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9972 bytes


I no longer see the errors when I boot Windows :-)

I have installed AVGFree and will do a complete scan.
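Before a log like the one above goes to a helper, a reviewer skims it for a few classes of entry: BHO/button/Winlogon hooks whose target file is gone, autorun commands with no path, ActiveX controls fetched from a bare IP address or a local file, and services whose binary carries no company name. The script below is an added example (not part of this thread and not HijackThis's own logic); the flags are one reviewer's assumptions about what to check first, and the sample input is a handful of lines copied from the log above.

```python
"""Heuristic triage of HijackThis (v2.x) log lines.

Added example; not part of this thread and not HijackThis's own logic.
The flags are one reviewer's assumptions about what to check first.
SAMPLE_LOG holds lines copied from the log posted in this thread.
"""
import re

SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.1.45/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://218.4.98.114/activex/AMC.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
IPV4_URL_RE = re.compile(r"^[a-z]+://(\d{1,3}(?:\.\d{1,3}){3})(?:[:/]|$)", re.IGNORECASE)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def is_private_ipv4(ip):
    """RFC 1918, loopback and link-local ranges: a LAN device, not the internet."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return (a == 10 or a == 127 or (a == 172 and 16 <= b <= 31)
            or (a == 192 and b == 168) or (a == 169 and b == 254))


def triage_line(line):
    """Return (severity, reason) for a suspicious line, or None if it raises no flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    # O2/O9/O20/O21: a registry hook whose target file is gone. Harmless on its
    # own, usually left behind by removed software or a partial cleanup.
    if section in ("O2", "O9", "O20", "O21") and "(no file)" in body:
        return ("low", f"{section}: registry entry points at a file that no longer exists")

    # O4: autorun entries. A bare file name (no directory) is resolved through
    # the PATH search at logon, so a same-named file earlier in the search
    # order would run instead of the intended one.
    if section == "O4":
        cmd = body.split("] ", 1)[1] if "] " in body else body
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if "\\" not in exe:
            return ("medium", f"O4: autorun '{exe}' has no path; verify which file actually runs")
        return None

    # O16: ActiveX controls downloaded by Internet Explorer. A control served
    # from a bare public IP has no domain to reason about; a LAN IP is usually
    # a device (the camera control in this thread); file:// is a local install.
    if section == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if url.lower().startswith("file://"):
            return ("low", "O16: ActiveX control installed from a local file:// path")
        ip_match = IPV4_URL_RE.match(url)
        if ip_match:
            ip = ip_match.group(1)
            if is_private_ipv4(ip):
                return ("info", f"O16: ActiveX control from LAN address {ip}; confirm the device is yours")
            return ("high", f"O16: ActiveX control fetched from bare public IP {ip}; treat as untrusted")
        return None

    # O23: services. HijackThis prints the binary's company name; 'Unknown
    # owner' means the file carries none, so check its signature and hash.
    if section == "O23" and "Unknown owner" in body:
        return ("medium", "O23: service binary has no company name; check signature and hash")
    return None


def triage(log_text):
    """Flag every suspicious line of a HijackThis log, most severe first."""
    flags = []
    for line in log_text.splitlines():
        result = triage_line(line)
        if result:
            severity, reason = result
            flags.append((severity, line.strip(), reason))
    return sorted(flags, key=lambda f: SEVERITY_RANK[f[0]])


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run it on a full log and the public-IP O16 entry sorts to the top; the LAN camera control is listed as informational only, because on this machine it is a device the owner installed, not something a browser was tricked into fetching.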

#5 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:02:37 AM

Posted 01 April 2008 - 03:44 PM

Please visit the online Jotti Virus Scanner (link).
  • Click on the [image] button.
  • Copy and paste the following filepath in the box:

    C:\eam58.exe

    After that file, check this: C:\Wck49.com

    And Cindy.exe

  • Click on the [image] button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
http://www.virustotal.com/en/virustotalf.html


I also need to see a different type of log from Hijackthis:
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.


#6 Indigoblue47

Indigoblue47
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 02 April 2008 - 10:07 AM

OK, I see no "Choose..." selection. I do see "Browse..."
Should I put those filespecs in the box next to "Browse..."?
Actually I tried putting them all in the box separated by a space but the scanner balked at that.

#7 DASOS

Posted 02 April 2008 - 10:19 AM

Should I put those filespecs in the box next to "Browse..."?


Yes! One file at a time, and click the submit button.

#8 Indigoblue47 (Topic Starter)

Posted 02 April 2008 - 10:40 AM

OK, here are the Jotti results for the first two filespecs.
There was no result returned for Cindy.exe the message was "Status: Uploading file, please wait... "
Nothing ever was returned. Cindy.exe is a videoconferencing program like CU SeeMe or VChat. It hasn't been installed in this pc in several years.
Also, the new HijackThis log is below.

File: eam58.exe
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: a7aa1c160e1fcc5540ac260d4b236441
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 02 Apr 2008 15:11:18 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: Wck49.com
Status: OK
MD5: 07a67ed4993e8d90f7c65ab21bd108dc
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 02 Apr 2008 15:24:55 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


HijackThis uninstall_list.txt

7-Zip 4.57
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Reader Japanese Fonts
Advanced USB Port Monitor
AMCap
Ares 2.0.5
Audacity 1.2.6
Audacity 1.3.2 (Unicode)
AVG 7.5
AviSynth 2.5
AXIS Media Control
AXIS Media Control Embedded
Cadence Allegro Free Physical Viewer 16.0
CADopia Standard 8
ClearType Tuning Control Panel Applet
CompuPic Pro
Convert
Data Lifeguard Tools
Dimension 4 v5.0
DirectShow .SHN FIlter
EasyCleaner
Elsie
eSketch
FLAC Installer 1.1.0k (remove only)
FLV Player 2.0, build 23
GetDataBack for FAT
GetDataBack for NTFS
Hardcopy (C:\Program Files\Hardcopy)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp deskjet 840c series
HyperTerminal Private Edition v6.3
Inside Out Networks Watchport/V Drivers (Remove only)
Intel® Extreme Graphics 2 Driver
Intel® Play™ QX3™ Computer Microscope
Intel® PRO Network Adapters and Drivers
Intel® System Information Viewer
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java™ 6 Update 5
K-Lite Mega Codec Pack 3.7.5
Logitech ImageStudio
Logitech MouseWare 9.79.1
Macromedia Shockwave Player
ManyCam 2.2 (remove only)
Media Library Management Wizard
MFP TWAIN Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Web Archive Add-On
Microsoft Office Professional Edition 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Sounds
Microsoft Office Visio Professional 2003
Microsoft OpenType Font File Properties Extension
Microsoft Outlook Personal Folders Backup
Microsoft Plus! Photo Story 2 LE
Microsoft Time Zone
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
mkw Audio Compression Toolkit
mkw Runtime Libraries
Move Networks Player for Internet Explorer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mp3tag V.2.32a
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero - Burning Rom
ooVoo
OrCAD 15.7i
OSS Audio Converter Pro 5.6.0.5
Paint.NET v2.0
Parts&Vendors 4.0.36
pdfFactory Pro
Personal License Update Wizard for Windows Media Player
Picasa 2
Plus! MP3 Audio Converter LE
Power Tab Editor 1.7
PowerDVD
PowerPLUSview
QuickTime
Quite Universal Circuit Simulator 0.0.13 binary package for Win
RFSim99
RIA-Media Viewer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
SiSoftware Sandra Lite XII
Skype™ 3.6
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Startup Control Center
Super Webcam
SUPERAntiSpyware Free Edition
Supercalc 1.0
TClockEx
TeamSpeak 2 RC2
TextPad 4.7
Tweak UI
TweakNow RegCleaner Standard
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB917425)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VideoLAN VLC media player 0.8.6c
VobSub v2.23 (Remove Only)
VST Bridge 1.1
What's Running 2.2
Winamp
Wind Chimes
Window Washer
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media 9 Capture Tool
Windows Media Bonus Pack for Windows XP
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Presentation Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893048
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip 11.1
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
ZoneAlarm

#9 DASOS

Posted 02 April 2008 - 10:47 AM

Ok! One last scan.

Please do an online scan with Kaspersky WebScanner

Click on [image]

You will be prompted to install an ActiveX component from Kaspersky. Click [image]
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on [image]
  • Now click on [image]
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click [image]
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please let me know how things are running.
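The text report this scanner saves lists one object per line as "<path> <verdict> <last action>", and most of the lines are not detections at all: "Object is locked" means a file in use was skipped, and "ZIP: infected - 1" style lines only summarise members already listed on their own lines. What is left still needs sorting by where it sits (an item already in a ComboFix quarantine folder or a System Restore point is inert, a member of an archive or .pst mailbox is not running, and Kaspersky's "not-a-virus:" prefix marks riskware rather than malware). The script below is an added example (not part of this thread and not Kaspersky's code); the layout it parses is the one shown in the report posted later in this thread, the bucket rules are the example's own assumption, and the sample report is constructed.

```python
"""Triage of a Kaspersky Online Scanner text report.

Added example; not part of this thread and not Kaspersky's code. It assumes
the one-object-per-line layout the scanner writes ("<path> <verdict> <action>");
the bucket rules are the example author's own. SAMPLE_REPORT is constructed.
"""
import re

SAMPLE_REPORT = r"""
C:\7\update\eula.txt Object is locked skipped
C:\Documents and Settings\demo\Desktop\JmMirc.exe/file001 Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\demo\Desktop\JmMirc.exe Inno: infected - 1 skipped
C:\Documents and Settings\demo\My Documents\My Music\Incomplete\T-3045692-01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aqlccyme.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{CF14DBCF-F44F-4467-B41C-6C9A234EFA9E}\RP1418\A0277818.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\JmMirc\Mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\demo\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst Mail MS Mail: infected - 4 skipped
"""

# Non-greedy path, then one of the three verdict shapes, then the last action.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>Object is locked|Infected: \S+|[\w ]+: infected - \d+) "
    r"(?P<action>skipped|deleted|disinfected|quarantined)$"
)
CONTAINER_RE = re.compile(r"^[\w ]+: infected - \d+$")


def classify(path, verdict):
    """Map one report entry to (bucket, reason); bucket is 'act', 'review' or 'noise'."""
    if verdict == "Object is locked":
        return ("noise", "file was in use and not scanned; not a detection")
    if CONTAINER_RE.match(verdict):
        return ("noise", "container summary; its members are listed on their own lines")
    name = verdict[len("Infected: "):]
    pua = name.startswith("not-a-virus:")  # Kaspersky's riskware/adware prefix
    low = path.lower()
    if "\\qoobox\\quarantine\\" in low:
        # QooBox is the ComboFix quarantine folder; .vir files there are renamed copies.
        return ("review", f"already quarantined by ComboFix, inert: {name}")
    if "\\system volume information\\_restore" in low:
        return ("review", f"inside a System Restore point, inert unless restored: {name}")
    if "/" in path:
        # 'archive.zip/member' or 'mailbox.pst/folder/attachment': not a file on disk.
        return ("review" if pua else "act", f"packed inside an archive or mailbox: {name}")
    if pua:
        return ("review", f"riskware, not malware by itself: {name}")
    return ("act", f"malware present on disk: {name}")


def triage_report(text):
    """Sort every parsable report line into act / review / noise buckets."""
    buckets = {"act": [], "review": [], "noise": []}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:  # blank lines, header and statistics lines
            continue
        bucket, reason = classify(m.group("path"), m.group("verdict"))
        buckets[bucket].append((m.group("path"), reason))
    return buckets


if __name__ == "__main__":
    result = triage_report(SAMPLE_REPORT)
    for bucket in ("act", "review", "noise"):
        print(f"== {bucket} ({len(result[bucket])})")
        for path, reason in result[bucket]:
            print(f"  {reason}\n    {path}")
```

On the constructed sample only the .wma downloader lands in the "act" bucket; the mIRC clients, the quarantined Virtumonde DLLs and the restore-point copy are "review" items that need a decision rather than an emergency, and the locked files and container summaries are dropped as noise.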

#10 Indigoblue47 (Topic Starter)

Posted 04 April 2008 - 07:26 AM

Here is the report from Kaspersky.
I have not taken action against any of the threats reported. Should I?

KASPERSKY ONLINE SCANNER REPORT
2008-04-04 08:23
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/04/2008
Kaspersky Anti-Virus database records: 679869


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 77722
Number of viruses found 7
Number of infected objects 29
Number of suspicious objects 0
Duration of the scan process 03:34:16

Infected Object Name Virus Name Last Action
C:\7\update\eula.txt Object is locked skipped

C:\7\update\spcustom.dll Object is locked skipped

C:\7\update\update.exe Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12062006-092221.log Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\MDoyle\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\MDoyle\Desktop\JmMirc.exe/file001 Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\MDoyle\Desktop\JmMirc.exe Inno: infected - 1 skipped

C:\Documents and Settings\MDoyle\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\MDoyle\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Misc/29 Aug 2007 14:05 from Karl Renier:mirc/Goosemirc.rar.zip/Goosemirc/Goose1.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped

C:\Documents and Settings\MDoyle\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Misc/29 Aug 2007 14:05 from Karl Renier:mirc/Goosemirc.rar.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped

C:\Documents and Settings\MDoyle\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Misc/29 Aug 2007 13:34 from Davy Hepburn/VB-Scriptv2_setup.exe/file01 Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\MDoyle\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst/Personal Folders/Misc/29 Aug 2007 13:34 from Davy Hepburn/VB-Scriptv2_setup.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\MDoyle\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst Mail MS Mail: infected - 4 skipped

C:\Documents and Settings\MDoyle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\MDoyle\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\MDoyle\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\MDoyle\Local Settings\History\History.IE5\MSHist012008040320080404\index.dat Object is locked skipped

C:\Documents and Settings\MDoyle\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\MDoyle\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\MDoyle\My Documents\My Music\Incomplete\T-3045692-01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\CrossLoopSetupPlus.exe/file54 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\CrossLoopSetupPlus.exe/file55 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\CrossLoopSetupPlus.exe Inno: infected - 2 skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\IRC\acidmax2120.zip/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\IRC\acidmax2120.zip ZIP: infected - 1 skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\IRC\VBJB-Script\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\IRC\VBJB-Script_Installer.zip/VBJB-Script setup.exe/file001 Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\IRC\VBJB-Script_Installer.zip/VBJB-Script setup.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\IRC\VBJB-Script_Installer.zip ZIP: infected - 2 skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\mIRCbsiat.zip/mIRCbsiat/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\mIRCbsiat.zip ZIP: infected - 1 skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\[Nero.8.Ultra.Edition].nero.8x.keygen.exe/data.rar/is151177.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\[Nero.8.Ultra.Edition].nero.8x.keygen.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\MDoyle\My Documents\Zips\[Nero.8.Ultra.Edition].nero.8x.keygen.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\MDoyle\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\MDoyle\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\JmMirc\Mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\aqlccyme.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\bmqqxoaf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ikmalrhd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\kediwiab.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\nhsrxeeo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{CF14DBCF-F44F-4467-B41C-6C9A234EFA9E}\RP1418\A0277818.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{CF14DBCF-F44F-4467-B41C-6C9A234EFA9E}\RP1438\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped

Scan process completed.

#11 DASOS

DASOS
    Malware hunter
  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal

Posted 04 April 2008 - 11:45 AM

Hi Indigoblue47


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\MDoyle\My Documents\Zips\[Nero.8.Ultra.Edition].nero.8x.keygen.exe/data.rar/is151177.exe
    C:\Documents and Settings\MDoyle\My Documents\My Music\Incomplete\T-3045692-01 Track 1.wma

  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Make sure there's a space between ComboFix and /
Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

#12 Indigoblue47

Indigoblue47
  • Topic Starter
  • Members
  • 37 posts

Posted 04 April 2008 - 12:19 PM

Here's the result from OTMoveIt2:
< C:\Documents and Settings\MDoyle\My Documents\Zips\[Nero.8.Ultra.Edition].nero.8x.keygen.exe/data.rar/is151177.exe >

When I went to uninstall ComboFix, it could not be found. Most likely I already deleted the executable. Would it be best for me to reinstall/uninstall or can I just get rid of the files and folders?

#13 DASOS

DASOS
    Malware hunter
  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal

Posted 04 April 2008 - 12:38 PM

  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\QooBox

  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

How are things running?

#14 Indigoblue47

Indigoblue47
  • Topic Starter
  • Members
  • 37 posts

Posted 04 April 2008 - 12:51 PM

Response for C:\QooBox:
C:\QooBox\Quarantine\Registry_backups moved successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\QooBox\Quarantine\C\WINDOWS moved successfully.
C:\QooBox\Quarantine\C moved successfully.
C:\QooBox\Quarantine moved successfully.
C:\QooBox\lastrun moved successfully.
C:\QooBox\BackEnv moved successfully.
C:\QooBox moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_135005

Everything seems to be running well...
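The two OTMoveIt2 rounds above (the file list in post #11 and the C:\QooBox folder in post #13) produce results in two shapes: an echoed `< path >` line, which only shows the entry was read, and `... moved successfully.` lines, which confirm the move, followed by a `log created on` stamp. The following checker is an added example, not part of the thread or of OldTimer's tool; it parses a constructed results block modelled on the quoted output and reports, per requested path, whether the move was actually confirmed.

```python
import re

# Constructed move list: the two paths DASOS asked to have moved in this thread.
MOVE_LIST = r"""
C:\Documents and Settings\MDoyle\My Documents\Zips\[Nero.8.Ultra.Edition].nero.8x.keygen.exe/data.rar/is151177.exe
C:\QooBox
"""

# Constructed results block, modelled on what Indigoblue47 pasted back
# (an echo-only line for the first path, confirmed moves for C:\QooBox).
RESULTS = r"""
< C:\Documents and Settings\MDoyle\My Documents\Zips\[Nero.8.Ultra.Edition].nero.8x.keygen.exe/data.rar/is151177.exe >
C:\QooBox\Quarantine\Registry_backups moved successfully.
C:\QooBox\Quarantine moved successfully.
C:\QooBox moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_135005
"""

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
ECHO_RE = re.compile(r"^< (?P<path>.+) >$")
# The stamp's day/month order is not stated on the page, so it is kept as a raw string.
STAMP_RE = re.compile(r"log created on (\d{8}_\d{6})$")


def parse_results(text):
    """Split an OTMoveIt2 results block into confirmed moves, echo-only entries and the stamp."""
    moved, echoed, stamp = set(), set(), None
    for line in text.splitlines():
        line = line.strip()
        m = MOVED_RE.match(line)
        if m:
            moved.add(m.group("path").lower())  # Windows paths: compare case-insensitively
            continue
        m = ECHO_RE.match(line)
        if m:
            echoed.add(m.group("path").lower())
            continue
        m = STAMP_RE.search(line)
        if m:
            stamp = m.group(1)
    return moved, echoed, stamp


def check_move_list(move_list, results):
    """Return {requested_path: status} so a helper can see which entries still need attention."""
    moved, echoed, stamp = parse_results(results)
    report = {}
    for raw in move_list.splitlines():
        path = raw.strip()
        if not path:
            continue
        key = path.lower()
        if key in moved:
            report[path] = "moved"
        elif key in echoed:
            report[path] = "echoed only (move not confirmed)"
        else:
            report[path] = "not in results"
    return report, stamp
```

On the constructed input the keygen archive entry is reported as echoed only, which is exactly the situation in post #12, while C:\QooBox is confirmed moved.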

#15 DASOS

DASOS
    Malware hunter
  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal

Posted 04 April 2008 - 12:58 PM

Please double-click OTMoveIt2.exe to run it. Click the clean up button.

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and enable system restore here:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

Re-enable system restore with instructions from the tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

Safe surf!!
