Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Ad Ware / Deewoo /probably Other Stuff


  • Please log in to reply
26 replies to this topic

#1 Vinny2Cool

Vinny2Cool

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 30 March 2008 - 05:54 PM

Hello,

About two days ago my computer became overrun with pop-ups. They are all advertisements except for a few ebay pop-ups. Some pop-ups come from something called Deewoo. I'm not very talented with computers, so I don't know much about viruses. I did an anti-virus scan and found 400+ infections. I've used AVG, Spybot, AntiVir, Panda Anti Virus, Ad-Aware, and Google Spyware Doctor and can't seem to solve the problem. I run the programs over and over again and contrinue to get between 8-100 infections depending on how long I wait to run another scan. I've downloaded Spygate Personal Firewall and that seems to block most of the pop-ups, but not all. Also, I'm not knowledgeable enough about it to know what to let through the firewall and what to block. Please help.

Thanks,
Vince

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:59 PM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lcnttkdn.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\lcnttkdn.exe DWram
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcnttkdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206910817843
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awturro - awturro.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10119 bytes

BC AdBot (Login to Remove)

 


m

#2 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:06 PM

Posted 10 April 2008 - 08:23 PM

Apologies for the delay in replying, but the forums have been overwhelmed with HIjackThis logs lately. If you still need help, please post back with a new HijackThis log, along with an update of the problems you are currently experiencing.
Posted Image

#3 Vinny2Cool

Vinny2Cool
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 11 April 2008 - 06:31 PM

Hello,

Yes, I still need help. I'm still experiencing the same problems.

Latest Hijack log:

Deckard's System Scanner v20071014.68
Run by Vince on 2008-04-11 18:22:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
58: 2008-04-11 23:22:44 UTC - RP229 - Deckard's System Scanner Restore Point
57: 2008-04-08 00:41:21 UTC - RP228 - System Checkpoint
56: 2008-04-06 21:00:01 UTC - RP227 - System Checkpoint
55: 2008-04-05 06:52:59 UTC - RP226 - System Checkpoint
54: 2008-04-04 06:37:15 UTC - RP225 - System Checkpoint


-- First Restore Point --
1: 2008-03-29 03:01:58 UTC - RP172 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Vince.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:25 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\lcnttkdn.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Vince\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vince.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\lcnttkdn.exe DWram
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcnttkdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206910817843
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awturro - awturro.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10281 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 rixdptskk - c:\windows\system32\drivers\rixdptskk.sys
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>

S1 Tosrfcom - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S4 Bluetooth Hid Switch Service - "c:\program files\bluetooth\hidswitchservice\hidsw.exe" <Not Verified; Cambridge Silicon Radio; HID Switch Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-05 22:51:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-03-30 18:38:09 0 d-------- C:\Program Files\Trend Micro
2008-03-30 17:05:56 0 d-------- C:\WINDOWS\network diagnostic
2008-03-30 16:32:43 4050944 --a------ C:\Documents and Settings\Vince\ntuser.dat
2008-03-30 16:07:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-30 16:05:56 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-30 16:01:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-30 00:40:05 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-03-30 00:40:04 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-03-30 00:39:47 0 d-------- C:\Program Files\Sygate
2008-03-29 22:51:32 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-29 17:10:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 12:41:35 0 d-------- C:\Program Files\Lavasoft
2008-03-29 12:41:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-29 12:40:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 03:19:08 0 dr-h----- C:\$VAULT$.AVG
2008-03-29 03:14:19 0 d-------- C:\Documents and Settings\Vince\Application Data\AVG7
2008-03-29 03:14:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-29 03:13:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 03:13:55 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-29 02:47:38 196680 --a------ C:\WINDOWS\system32\lcnttkdn.exe
2008-03-28 23:26:11 0 d-------- C:\Documents and Settings\Vince\Application Data\PC Tools
2008-03-28 23:16:27 0 --a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 22:45:31 0 d-------- C:\Program Files\Spyware Doctor
2008-03-28 22:43:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-28 22:20:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-28 22:12:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-03-28 22:12:06 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-03-28 22:01:48 6866 --ahs---- C:\WINDOWS\system32\ppqss.ini2
2008-03-28 21:57:00 936 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-03-28 21:56:48 0 d--hs---- C:\WINDOWS\VmluY2U
2008-03-28 21:56:45 196675 --a------ C:\WINDOWS\system32\qcnttkdn.exe
2008-03-28 21:56:42 39883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-03-28 21:56:39 86016 -----n--- C:\WINDOWS\system32\drivers\rixdptskk.sys
2008-03-28 21:56:35 0 d-------- C:\WINDOWS\system32\xTmp
2008-03-28 21:56:35 0 d-------- C:\WINDOWS\system32\winz1
2008-03-28 21:56:35 0 d-------- C:\WINDOWS\system32\IDME
2008-03-28 21:56:35 0 d-------- C:\WINDOWS\system32\bz3
2008-03-28 21:56:30 0 d-------- C:\WINDOWS\system32\aqVreo01
2008-03-28 21:56:30 0 d-------- C:\Temp
2008-03-24 01:09:56 0 d-------- C:\Documents and Settings\Vince\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-04-09 21:24:44 0 d-------- C:\Documents and Settings\Vince\Application Data\Azureus
2008-04-06 14:01:36 0 d-------- C:\Program Files\iTunes
2008-04-03 19:33:13 0 d-------- C:\Program Files\Google
2008-03-29 23:38:55 0 d-------- C:\Program Files\Digital Line Detect
2008-03-29 23:36:45 0 d-------- C:\Program Files\BAE
2008-03-29 13:42:32 0 d-------- C:\Program Files\IrfanView
2008-03-29 12:40:12 0 d-------- C:\Program Files\Common Files
2008-03-29 04:18:07 0 d-------- C:\Program Files\NetWaiting
2008-03-29 04:18:06 0 d-------- C:\Program Files\DellSupport
2008-03-29 03:55:14 0 d-------- C:\Program Files\QuickTime
2008-03-29 03:19:08 0 d-------- C:\Program Files\Messenger
2008-03-09 13:50:51 0 d-------- C:\Program Files\Azureus


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
C:\WINDOWS\system32\atgban.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 04:30 PM C:\WINDOWS\stsystra.exe]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\lcnttkdn.exe" [03/29/2008 02:47 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/29/2008 03:15 AM]
"PostSetupCheck"="C:\WINDOWS\system32\atgban.dll" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/28/2008 11:25 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]

C:\Documents and Settings\Vince\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\lcnttkdn.exe [3/29/2008 2:47:38 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awturro]
awturro.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a7a7f0e-1db8-11db-a28c-00038a000015}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-04-11 18:30:06 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T1350 @ 1.86GHz
Percentage of Memory in Use: 79%
Physical Memory (total/avail): 502.37 MiB / 100.98 MiB
Pagefile Memory (total/avail): 1845.55 MiB / 928.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.04 MiB

C: is Fixed (NTFS) - 52.72 GiB total, 22.97 GiB free.
D: is Fixed (NTFS) - 17.06 GiB total, 17 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541080G9SA00 - 73.13 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 52.72 GiB - C:
\PARTITION2 - Installable File System - 17.06 GiB - D:
\PARTITION3 - Unknown - 3.29 GiB



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Vince\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DFV69BB1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Vince
LOGONSERVER=\\DFV69BB1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Vince\LOCALS~1\Temp
TMP=C:\DOCUME~1\Vince\LOCALS~1\Temp
USERDOMAIN=DFV69BB1
USERNAME=Vince
USERPROFILE=C:\Documents and Settings\Vince
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Vince (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Deewoo Network Manager removal --> C:\WINDOWS\system32\lcnttkdn.exe -UPop
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\targetedbanner-uninst.exe
ESPN Java Check --> C:\WINDOWS\system32\javaws.exe -uninstall "http://games.espn.go.com/s/ffllm/06/livedraft/jws-check.jar"
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Vince\Application Data\Move Networks\ie_bin\Uninst.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tradewinds --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3C48F877-A164-45E9-B9DA-26A049FFC207\Uninstall.exe"
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\COMPAN~1\Modules\messmod4\v6\yhexbmes.dll
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type105 / Error
Event Submitted/Written: 04/07/2008 11:22:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module goec62~1.dll, version 0.0.0.0, fault address 0x00003dfb.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type104 / Error
Event Submitted/Written: 04/07/2008 09:13:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module goec62~1.dll, version 0.0.0.0, fault address 0x00003dfb.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type99 / Warning
Event Submitted/Written: 04/06/2008 02:00:33 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{AB90749C-7422-4580-8A7A-66CC5E9E5F98}', feature 'iTunes' failed during request for component '{E8A1D3E2-F5D3-4B24-AB93-52F7E602A235}'

Event Record #/Type98 / Warning
Event Submitted/Written: 04/06/2008 02:00:33 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{AB90749C-7422-4580-8A7A-66CC5E9E5F98}', feature 'iTunes', component '{C08B990C-B647-4700-8D9D-68E62B841B72}' failed. The resource 'C:\Program Files\iTunes\iTunesHelper.exe' does not exist.

Event Record #/Type90 / Error
Event Submitted/Written: 04/03/2008 08:23:29 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26042 / Error
Event Submitted/Written: 04/11/2008 06:16:14 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 10.0.1.6 on the
Network Card with network address 001302A99FBD.

Event Record #/Type26041 / Warning
Event Submitted/Written: 04/11/2008 06:16:14 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302A99FBD. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type26038 / Error
Event Submitted/Written: 04/10/2008 09:09:55 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Event Record #/Type26037 / Warning
Event Submitted/Written: 04/10/2008 09:09:55 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302A99FBD. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type26033 / Error
Event Submitted/Written: 04/10/2008 07:54:42 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.



-- End of Deckard's System Scanner: finished at 2008-04-11 18:30:06 ------------



Thanks for your help,
Vince

#4 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:06 PM

Posted 11 April 2008 - 07:40 PM

Hello Vinny2Cool,

Using Add Or Remove Programs remove the following entries (if present): (To get into add Or Remove Programs press the START button > Control Panel > Add Or Remove Programs.)

Azureus Vuze
Deewoo Network Manager removal
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
LimeWire 4.14.10
Viewpoint Media Player



Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Posted Image

#5 Vinny2Cool

Vinny2Cool
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 11 April 2008 - 08:57 PM

Combofix log:

ComboFix 08-04-11.5 - Vince 2008-04-11 20:41:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.146 [GMT -5:00]
Running from: C:\Documents and Settings\Vince\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Vince\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Vince\Start Menu\Programs\Startup\DW_Start.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rixdptskk.sys
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RIXDPTSKK
-------\Service_rixdptskk


((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-11 18:22 . 2008-04-11 18:22 <DIR> d-------- C:\Deckard
2008-03-30 18:38 . 2008-03-30 18:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 17:14 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-30 17:14 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-30 16:05 . 2005-02-24 22:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-30 16:01 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-30 16:01 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-30 16:01 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-30 16:01 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-30 16:01 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-30 00:40 . 2004-10-15 19:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-03-30 00:40 . 2004-10-15 19:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-03-30 00:40 . 2004-10-15 19:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-03-30 00:40 . 2004-10-15 19:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-03-30 00:40 . 2004-10-15 19:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-03-30 00:40 . 2004-10-15 19:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-03-30 00:39 . 2008-03-30 00:39 <DIR> d-------- C:\Program Files\Sygate
2008-03-30 00:39 . 2004-10-15 19:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-03-29 22:51 . 2008-03-29 23:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-29 22:51 . 2008-03-29 22:51 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-29 22:51 . 2008-03-29 22:51 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-29 22:51 . 2008-03-29 22:51 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-29 17:10 . 2008-03-29 23:43 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 17:10 . 2008-03-29 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 12:41 . 2008-03-29 12:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 12:41 . 2008-03-29 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-29 12:40 . 2008-03-29 12:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 10:47 . 2008-03-29 10:47 13,942 --a------ C:\WINDOWS\system32\iphone-011.ico
2008-03-29 06:47 . 2008-03-29 06:47 1,635 --a------ C:\WINDOWS\system32\vaio3-011.ico
2008-03-29 03:14 . 2008-04-11 20:37 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\AVG7
2008-03-29 03:14 . 2008-03-29 03:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-29 03:13 . 2008-03-29 03:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 03:13 . 2008-03-29 03:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-29 02:47 . 2008-03-29 02:47 196,680 --a------ C:\WINDOWS\system32\lcnttkdn.exe
2008-03-28 23:26 . 2008-03-28 23:26 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\PC Tools
2008-03-28 23:26 . 2007-12-10 15:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-28 23:26 . 2007-12-10 15:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-28 23:26 . 2008-02-01 13:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-28 23:26 . 2007-12-10 15:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-28 22:45 . 2008-03-30 01:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-28 22:43 . 2008-04-11 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-28 22:20 . 2008-03-28 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-28 21:57 . 2008-04-04 19:49 936 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-03-28 21:56 . 2008-03-29 15:43 <DIR> d--hs---- C:\WINDOWS\VmluY2U
2008-03-28 21:56 . 2008-03-29 04:18 <DIR> d-------- C:\WINDOWS\system32\xTmp
2008-03-28 21:56 . 2008-03-29 04:18 <DIR> d-------- C:\WINDOWS\system32\winz1
2008-03-28 21:56 . 2008-03-29 04:18 <DIR> d-------- C:\WINDOWS\system32\IDME
2008-03-28 21:56 . 2008-03-29 04:18 <DIR> d-------- C:\WINDOWS\system32\bz3
2008-03-28 21:56 . 2008-03-29 04:18 <DIR> d-------- C:\WINDOWS\system32\aqVreo01
2008-03-28 21:56 . 2008-04-11 20:41 <DIR> d-------- C:\Temp
2008-03-28 21:56 . 2008-03-28 21:56 196,675 --a------ C:\WINDOWS\system32\qcnttkdn.exe
2008-03-28 21:56 . 2008-03-28 21:56 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-03-24 01:09 . 2008-03-24 01:10 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-12 01:28 --------- d-----w C:\Program Files\Azureus
2008-04-12 01:22 --------- d-----w C:\Documents and Settings\Vince\Application Data\Azureus
2008-04-06 19:01 --------- d-----w C:\Program Files\iTunes
2008-04-04 00:33 --------- d-----w C:\Program Files\Google
2008-03-30 04:38 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-30 04:36 --------- d-----w C:\Program Files\BAE
2008-03-29 18:42 --------- d-----w C:\Program Files\IrfanView
2008-03-29 09:18 --------- d-----w C:\Program Files\NetWaiting
2008-03-29 09:18 --------- d-----w C:\Program Files\DellSupport
2008-03-29 08:55 --------- d-----w C:\Program Files\QuickTime
2007-06-27 03:25 88 --sha-r C:\WINDOWS\system32\428A917C6A.sys
2007-06-27 03:25 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 63,712 2007-03-09 16:09:58 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

----a-w 39,792 2007-10-11 00:51:55 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

----a-w 81,920 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 249,856 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 49,152 2005-12-10 01:29:52 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 290,816 2004-04-12 01:15:14 C:\Program Files\Dell\Media Experience\bak\PCMService.exe

----a-w 1,032,192 2006-04-06 19:58:52 C:\Program Files\Dell\QuickSet\bak\Quickset.exe

----a-w 460,784 2007-03-15 16:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 169,984 2006-07-11 16:42:12 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe

----a-w 602,182 2005-12-28 16:56:16 C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe

----a-w 667,718 2005-12-28 16:55:40 C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe

----a-w 257,088 2007-03-15 00:05:48 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 257,088 2007-03-15 00:05:48 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 36,975 2005-04-13 08:48:52 C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe

----a-w 1,121,792 2005-08-12 21:16:44 C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 20,480 2003-09-10 07:24:00 C:\Program Files\NetWaiting\bak\netWaiting.exe

----a-w 282,624 2007-02-16 15:54:04 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 761,947 2006-03-08 16:48:02 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe

----a-w 77,824 2005-12-13 21:41:08 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 118,784 2005-12-13 21:45:00 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 98,304 2005-12-13 21:44:18 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 127,035 2004-12-06 06:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
C:\WINDOWS\system32\atgban.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-28 23:25 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\lcnttkdn.exe" [2008-03-29 02:47 196680]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-29 03:15 579072]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-29 03:14 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-11 11:24:30 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-28 23:24:55 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awturro]
awturro.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a7a7f0e-1db8-11db-a28c-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 03:51:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 20:50:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\lcnttkdn.exe DWram"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-11 20:53:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 01:53:12
Pre-Run: 24,256,184,320 bytes free
Post-Run: 24,409,718,784 bytes free


new hijack log:

Deckard's System Scanner v20071014.68
Run by Vince on 2008-04-11 20:56:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Vince.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:11 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\lcnttkdn.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Vince\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vince.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\lcnttkdn.exe DWram
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206910817843
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awturro - awturro.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9392 bytes

-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 20:40:18 68096 --a------ C:\WINDOWS\zip.exe
2008-04-11 20:40:18 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-11 20:40:18 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-11 20:40:18 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-11 20:40:18 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-11 20:40:18 98816 --a------ C:\WINDOWS\sed.exe
2008-04-11 20:40:18 80412 --a------ C:\WINDOWS\grep.exe
2008-04-11 20:40:18 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-30 18:38:09 0 d-------- C:\Program Files\Trend Micro
2008-03-30 17:05:56 0 d-------- C:\WINDOWS\network diagnostic
2008-03-30 16:32:43 4050944 --a------ C:\Documents and Settings\Vince\ntuser.dat
2008-03-30 16:07:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-30 16:05:56 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-30 16:01:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-30 00:40:05 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-03-30 00:40:04 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-03-30 00:39:47 0 d-------- C:\Program Files\Sygate
2008-03-29 22:51:32 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-29 17:10:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 12:41:35 0 d-------- C:\Program Files\Lavasoft
2008-03-29 12:41:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-29 12:40:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 03:19:08 0 dr-h----- C:\$VAULT$.AVG
2008-03-29 03:14:19 0 d-------- C:\Documents and Settings\Vince\Application Data\AVG7
2008-03-29 03:14:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-29 03:13:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 03:13:55 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-29 02:47:38 196680 --a------ C:\WINDOWS\system32\lcnttkdn.exe
2008-03-28 23:26:11 0 d-------- C:\Documents and Settings\Vince\Application Data\PC Tools
2008-03-28 23:16:27 0 --a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 22:45:31 0 d-------- C:\Program Files\Spyware Doctor
2008-03-28 22:43:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-28 22:20:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-28 22:12:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-03-28 22:12:06 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-03-28 21:57:00 936 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-03-28 21:56:48 0 d--hs---- C:\WINDOWS\VmluY2U
2008-03-28 21:56:45 196675 --a------ C:\WINDOWS\system32\qcnttkdn.exe
2008-03-28 21:56:42 39883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-03-28 21:56:35 0 d-------- C:\WINDOWS\system32\xTmp
2008-03-28 21:56:35 0 d-------- C:\WINDOWS\system32\winz1
2008-03-28 21:56:35 0 d-------- C:\WINDOWS\system32\IDME
2008-03-28 21:56:35 0 d-------- C:\WINDOWS\system32\bz3
2008-03-28 21:56:30 0 d-------- C:\WINDOWS\system32\aqVreo01
2008-03-28 21:56:30 0 d-------- C:\Temp
2008-03-24 01:09:56 0 d-------- C:\Documents and Settings\Vince\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-04-11 20:32:14 0 d-------- C:\Program Files\Common Files
2008-04-11 20:28:18 0 d-------- C:\Program Files\Azureus
2008-04-11 20:22:26 0 d-------- C:\Documents and Settings\Vince\Application Data\Azureus
2008-04-06 14:01:36 0 d-------- C:\Program Files\iTunes
2008-04-03 19:33:13 0 d-------- C:\Program Files\Google
2008-03-29 23:38:55 0 d-------- C:\Program Files\Digital Line Detect
2008-03-29 23:36:45 0 d-------- C:\Program Files\BAE
2008-03-29 13:42:32 0 d-------- C:\Program Files\IrfanView
2008-03-29 04:18:07 0 d-------- C:\Program Files\NetWaiting
2008-03-29 04:18:06 0 d-------- C:\Program Files\DellSupport
2008-03-29 03:55:14 0 d-------- C:\Program Files\QuickTime
2008-03-29 03:19:08 0 d-------- C:\Program Files\Messenger


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
C:\WINDOWS\system32\atgban.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 04:30 PM C:\WINDOWS\stsystra.exe]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\lcnttkdn.exe" [03/29/2008 02:47 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/29/2008 03:15 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/28/2008 11:25 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [6/16/2005 11:11:42 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/11/2006 11:24:30 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/28/2008 11:24:55 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awturro]
awturro.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a7a7f0e-1db8-11db-a28c-00038a000015}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-04-11 20:57:25 ------------

#6 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:06 PM

Posted 12 April 2008 - 12:07 AM

Hello Vinny2Cool,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\qcnttkdn.exe
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\atgban.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\system32\lcnttkdn.exe
Folder::
C:\WINDOWS\VmluY2U
C:\WINDOWS\system32\xTmp
C:\WINDOWS\system32\winz1
C:\WINDOWS\system32\IDME
C:\WINDOWS\system32\bz3
C:\WINDOWS\system32\aqVreo01
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"g]eeV\mWhjlnspB"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awturro]
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
  • A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Edited by __RiP_ChAiN_, 12 April 2008 - 12:08 AM.

Posted Image

#7 Vinny2Cool

Vinny2Cool
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 12 April 2008 - 10:40 AM

Combofix Log:

ComboFix 08-04-11.5 - Vince 2008-04-12 10:30:45.2 - NTFSx86
Running from: C:\Documents and Settings\Vince\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vince\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\atgban.dll
C:\WINDOWS\system32\lcnttkdn.exe
C:\WINDOWS\system32\qcnttkdn.exe
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Vince\Start Menu\Programs\Startup\Deewoo.lnk
C:\WINDOWS\system32\aqVreo01
C:\WINDOWS\system32\bz3
C:\WINDOWS\system32\IDME
C:\WINDOWS\system32\IDME\TGbn1dll.exe
C:\WINDOWS\system32\lcnttkdn.exe
C:\WINDOWS\system32\qcnttkdn.exe
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\winz1
C:\WINDOWS\system32\xTmp
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\VmluY2U

.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-11 18:22 . 2008-04-11 18:22 <DIR> d-------- C:\Deckard
2008-03-30 18:38 . 2008-03-30 18:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 17:14 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-30 17:14 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-30 16:05 . 2005-02-24 22:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-30 16:01 . 2007-07-30 20:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-30 16:01 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-30 16:01 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-30 16:01 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-30 16:01 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-30 00:40 . 2004-10-15 19:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-03-30 00:40 . 2004-10-15 19:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-03-30 00:40 . 2004-10-15 19:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-03-30 00:40 . 2004-10-15 19:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-03-30 00:40 . 2004-10-15 19:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-03-30 00:40 . 2004-10-15 19:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-03-30 00:39 . 2008-03-30 00:39 <DIR> d-------- C:\Program Files\Sygate
2008-03-30 00:39 . 2004-10-15 19:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-03-29 22:51 . 2008-03-29 23:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-29 22:51 . 2008-03-29 22:51 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-29 22:51 . 2008-03-29 22:51 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-29 22:51 . 2008-03-29 22:51 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-29 17:10 . 2008-03-29 23:43 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 17:10 . 2008-03-29 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 12:41 . 2008-03-29 12:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 12:41 . 2008-03-29 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-29 12:40 . 2008-03-29 12:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 10:47 . 2008-03-29 10:47 13,942 --a------ C:\WINDOWS\system32\iphone-011.ico
2008-03-29 06:47 . 2008-03-29 06:47 1,635 --a------ C:\WINDOWS\system32\vaio3-011.ico
2008-03-29 03:14 . 2008-04-12 10:20 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\AVG7
2008-03-29 03:14 . 2008-03-29 03:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-29 03:13 . 2008-03-29 03:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 03:13 . 2008-03-29 03:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-28 23:26 . 2008-03-28 23:26 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\PC Tools
2008-03-28 23:26 . 2007-12-10 15:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-28 23:26 . 2007-12-10 15:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-28 23:26 . 2008-02-01 13:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-28 23:26 . 2007-12-10 15:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-28 22:45 . 2008-03-30 01:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-28 22:43 . 2008-04-11 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-28 22:20 . 2008-03-28 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-28 21:56 . 2008-04-11 20:41 <DIR> d-------- C:\Temp
2008-03-24 01:09 . 2008-03-24 01:10 <DIR> d-------- C:\Documents and Settings\Vince\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-12 01:28 --------- d-----w C:\Program Files\Azureus
2008-04-12 01:22 --------- d-----w C:\Documents and Settings\Vince\Application Data\Azureus
2008-04-06 19:01 --------- d-----w C:\Program Files\iTunes
2008-04-04 00:33 --------- d-----w C:\Program Files\Google
2008-03-30 04:38 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-30 04:36 --------- d-----w C:\Program Files\BAE
2008-03-29 18:42 --------- d-----w C:\Program Files\IrfanView
2008-03-29 09:18 --------- d-----w C:\Program Files\NetWaiting
2008-03-29 09:18 --------- d-----w C:\Program Files\DellSupport
2008-03-29 08:55 --------- d-----w C:\Program Files\QuickTime
2007-06-27 03:25 88 --sha-r C:\WINDOWS\system32\428A917C6A.sys
2007-06-27 03:25 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 63,712 2007-03-09 16:09:58 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

----a-w 39,792 2007-10-11 00:51:55 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

----a-w 81,920 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 249,856 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 49,152 2005-12-10 01:29:52 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 290,816 2004-04-12 01:15:14 C:\Program Files\Dell\Media Experience\bak\PCMService.exe

----a-w 1,032,192 2006-04-06 19:58:52 C:\Program Files\Dell\QuickSet\bak\Quickset.exe

----a-w 460,784 2007-03-15 16:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 169,984 2006-07-11 16:42:12 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe

----a-w 602,182 2005-12-28 16:56:16 C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe

----a-w 667,718 2005-12-28 16:55:40 C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe

----a-w 257,088 2007-03-15 00:05:48 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 257,088 2007-03-15 00:05:48 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 36,975 2005-04-13 08:48:52 C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe

----a-w 1,121,792 2005-08-12 21:16:44 C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 20,480 2003-09-10 07:24:00 C:\Program Files\NetWaiting\bak\netWaiting.exe

----a-w 282,624 2007-02-16 15:54:04 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 761,947 2006-03-08 16:48:02 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe

----a-w 77,824 2005-12-13 21:41:08 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 118,784 2005-12-13 21:45:00 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 98,304 2005-12-13 21:44:18 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 127,035 2004-12-06 06:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-28 23:25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\lcnttkdn.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-29 03:15 579072]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-29 03:14 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-11 11:24:30 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-28 23:24:55 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a7a7f0e-1db8-11db-a28c-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 03:51:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 10:32:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\lcnttkdn.exe DWram"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-04-12 10:33:34
ComboFix-quarantined-files.txt 2008-04-12 15:33:16
ComboFix2.txt 2008-04-12 01:53:18
Pre-Run: 25,850,884,096 bytes free
Post-Run: 25,838,546,944 bytes free


New Hijack Log:

Deckard's System Scanner v20071014.68
Run by Vince on 2008-04-12 10:38:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Vince.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:40 AM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Vince\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vince.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\lcnttkdn.exe DWram
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206910817843
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8712 bytes

-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-11 20:40:18 68096 --a------ C:\WINDOWS\zip.exe
2008-04-11 20:40:18 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-11 20:40:18 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-11 20:40:18 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-11 20:40:18 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-11 20:40:18 98816 --a------ C:\WINDOWS\sed.exe
2008-04-11 20:40:18 80412 --a------ C:\WINDOWS\grep.exe
2008-04-11 20:40:18 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-30 18:38:09 0 d-------- C:\Program Files\Trend Micro
2008-03-30 17:05:56 0 d-------- C:\WINDOWS\network diagnostic
2008-03-30 16:32:43 4050944 --a------ C:\Documents and Settings\Vince\ntuser.dat
2008-03-30 16:07:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-30 16:05:56 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-30 16:01:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-30 00:40:05 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-03-30 00:40:04 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-03-30 00:39:47 0 d-------- C:\Program Files\Sygate
2008-03-29 22:51:32 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-29 17:10:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 12:41:35 0 d-------- C:\Program Files\Lavasoft
2008-03-29 12:41:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-29 12:40:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 03:19:08 0 dr-h----- C:\$VAULT$.AVG
2008-03-29 03:14:19 0 d-------- C:\Documents and Settings\Vince\Application Data\AVG7
2008-03-29 03:14:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-29 03:13:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 03:13:55 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-28 23:26:11 0 d-------- C:\Documents and Settings\Vince\Application Data\PC Tools
2008-03-28 23:16:27 0 --a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 22:45:31 0 d-------- C:\Program Files\Spyware Doctor
2008-03-28 22:43:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-28 22:20:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-28 22:12:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-03-28 22:12:06 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-03-28 21:56:30 0 d-------- C:\Temp
2008-03-24 01:09:56 0 d-------- C:\Documents and Settings\Vince\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-04-11 20:32:14 0 d-------- C:\Program Files\Common Files
2008-04-11 20:28:18 0 d-------- C:\Program Files\Azureus
2008-04-11 20:22:26 0 d-------- C:\Documents and Settings\Vince\Application Data\Azureus
2008-04-06 14:01:36 0 d-------- C:\Program Files\iTunes
2008-04-03 19:33:13 0 d-------- C:\Program Files\Google
2008-03-29 23:38:55 0 d-------- C:\Program Files\Digital Line Detect
2008-03-29 23:36:45 0 d-------- C:\Program Files\BAE
2008-03-29 13:42:32 0 d-------- C:\Program Files\IrfanView
2008-03-29 04:18:07 0 d-------- C:\Program Files\NetWaiting
2008-03-29 04:18:06 0 d-------- C:\Program Files\DellSupport
2008-03-29 03:55:14 0 d-------- C:\Program Files\QuickTime
2008-03-29 03:19:08 0 d-------- C:\Program Files\Messenger


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 04:30 PM C:\WINDOWS\stsystra.exe]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\lcnttkdn.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/29/2008 03:15 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/28/2008 11:25 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [6/16/2005 11:11:42 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/11/2006 11:24:30 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/28/2008 11:24:55 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a7a7f0e-1db8-11db-a28c-00038a000015}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-04-12 10:39:55 ------------

#8 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:06 PM

Posted 14 April 2008 - 06:03 PM

Hello Vinny2Cool,

Click HERE to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 1, then press Enter.
FindAWF tool will begin scanning.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically open.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
Posted Image

#9 Vinny2Cool

Vinny2Cool
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 14 April 2008 - 09:46 PM

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Mon 04/14/2008
The current time is: 21:43:49.51


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 11:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

03/14/2007 07:05 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\NETWAI~1\BAK

09/10/2003 02:24 AM 20,480 netWaiting.exe
1 File(s) 20,480 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 10:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

12/13/2005 04:41 PM 77,824 hkcmd.exe
12/13/2005 04:45 PM 118,784 igfxpers.exe
12/13/2005 04:44 PM 98,304 igfxtray.exe
3 File(s) 294,912 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

12/09/2005 08:29 PM 49,152 DVDLauncher.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

04/11/2004 08:15 PM 290,816 PCMService.exe
1 File(s) 290,816 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

04/06/2006 02:58 PM 1,032,192 Quickset.exe
1 File(s) 1,032,192 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

07/11/2006 11:42 AM 169,984 GoogleDesktop.exe
1 File(s) 169,984 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

08/12/2005 04:16 PM 1,121,792 MSKDetct.exe
1 File(s) 1,121,792 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/08/2006 11:48 AM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 01:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 10:44 AM 81,920 issch.exe
06/10/2005 10:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

12/28/2005 11:56 AM 602,182 ifrmewrk.exe
12/28/2005 11:55 AM 667,718 ZCfgSvc.exe
2 File(s) 1,269,900 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

04/13/2005 03:48 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

03/09/2007 11:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 6 2008 "C:\WINDOWS\Installer\{AB90749C-7422-4580-8A7A-66CC5E9E5F98}\iTunesIco.exe"
116288 Mar 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\bak\netWaiting.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
77824 Dec 13 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Dec 13 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Dec 13 2005 "C:\drivers\video\onboard\igfxpers.exe"
118784 Dec 13 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
98304 Dec 13 2005 "C:\drivers\video\onboard\igfxtray.exe"
98304 Dec 13 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
290816 Apr 11 2004 "C:\Program Files\Dell\Media Experience\bak\PCMService.exe"
1032192 Apr 6 2006 "C:\Program Files\Dell\QuickSet\bak\Quickset.exe"
52272 Feb 14 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1529400 Jun 14 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Mar 28 2008 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
124400 Mar 28 2008 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
169984 Jul 11 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
124400 Mar 28 2008 "C:\Program Files\Google\Google Updater\2.2.1172.2021\GoogleUpdaterRestartManager.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
602182 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
667718 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"


end of report

#10 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:06 PM

Posted 18 April 2008 - 02:54 PM

Hello Vinny2Cool :thumbsup:

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow steps below:

Copy the file paths in quote below to the clipboard, highlight all of them right-click and choose copy, or highlight them and press Ctrl+C:

"C:\Program Files\DellSupport\bak\DSAgnt.exe"
"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\NetWaiting\bak\netWaiting.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\Dell\Media Experience\bak\PCMService.exe"
"C:\Program Files\Dell\QuickSet\bak\Quickset.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
"C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive prompt to save the changes, click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
Posted Image

#11 Vinny2Cool

Vinny2Cool
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 18 April 2008 - 07:34 PM

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Fri 04/18/2008
The current time is: 19:29:23.73


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 11:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

03/14/2007 07:05 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 11:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\NETWAI~1\BAK

09/10/2003 02:24 AM 20,480 netWaiting.exe
1 File(s) 20,480 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 10:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

12/13/2005 04:41 PM 77,824 hkcmd.exe
12/13/2005 04:45 PM 118,784 igfxpers.exe
12/13/2005 04:44 PM 98,304 igfxtray.exe
3 File(s) 294,912 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

12/09/2005 08:29 PM 49,152 DVDLauncher.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

04/11/2004 08:15 PM 290,816 PCMService.exe
1 File(s) 290,816 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

04/06/2006 02:58 PM 1,032,192 Quickset.exe
1 File(s) 1,032,192 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

07/11/2006 11:42 AM 169,984 GoogleDesktop.exe
1 File(s) 169,984 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

08/12/2005 04:16 PM 1,121,792 MSKDetct.exe
1 File(s) 1,121,792 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/08/2006 11:48 AM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 01:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 10:44 AM 81,920 issch.exe
06/10/2005 10:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

12/28/2005 11:56 AM 602,182 ifrmewrk.exe
12/28/2005 11:55 AM 667,718 ZCfgSvc.exe
2 File(s) 1,269,900 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

04/13/2005 03:48 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

03/09/2007 11:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 6 2008 "C:\WINDOWS\Installer\{AB90749C-7422-4580-8A7A-66CC5E9E5F98}\iTunesIco.exe"
116288 Mar 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\netWaiting.exe"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\bak\netWaiting.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
77824 Dec 13 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Dec 13 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Dec 13 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Dec 13 2005 "C:\WINDOWS\system32\igfxpers.exe"
118784 Dec 13 2005 "C:\drivers\video\onboard\igfxpers.exe"
118784 Dec 13 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
98304 Dec 13 2005 "C:\WINDOWS\system32\igfxtray.exe"
98304 Dec 13 2005 "C:\drivers\video\onboard\igfxtray.exe"
98304 Dec 13 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
290816 Apr 11 2004 "C:\Program Files\Dell\Media Experience\PCMService.exe"
290816 Apr 11 2004 "C:\Program Files\Dell\Media Experience\bak\PCMService.exe"
1032192 Apr 6 2006 "C:\Program Files\Dell\QuickSet\Quickset.exe"
1032192 Apr 6 2006 "C:\Program Files\Dell\QuickSet\bak\Quickset.exe"
52272 Feb 14 2007 "C:\Program Files\Google\googletoolbar5user.exe"
1529400 Jun 14 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Mar 28 2008 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
124400 Mar 28 2008 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
169984 Jul 11 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
124400 Mar 28 2008 "C:\Program Files\Google\Google Updater\2.2.1172.2021\GoogleUpdaterRestartManager.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
602182 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
602182 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
667718 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"
667718 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"


end of report

#12 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:06 PM

Posted 22 April 2008 - 06:24 AM

Hello Vinny2Cool :thumbsup:

Copy the paths in quote below to the clipboard, highlight all of them right-click and choose copy, or highlight them and press Ctrl+C:

C:\Program Files\DellSupport\bak
C:\Program Files\Messenger\bak
C:\Program Files\NetWaiting\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Dell\Media Experience\bak
C:\Program Files\Dell\QuickSet\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\McAfee\SpamKiller\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Intel\Wireless\Bin\bak
C:\Program Files\Intel\Wireless\Bin\bak
C:\Program Files\Java\jre1.5.0_03\bin\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive prompt to save the changes, click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
Posted Image

#13 Vinny2Cool

Vinny2Cool
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 22 April 2008 - 06:44 PM

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Tue 04/22/2008
The current time is: 18:41:15.35


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

03/14/2007 07:05 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/08/2006 11:48 AM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 01:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

257088 Mar 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 6 2008 "C:\WINDOWS\Installer\{AB90749C-7422-4580-8A7A-66CC5E9E5F98}\iTunesIco.exe"
116288 Mar 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"


end of report

#14 __RiP_ChAiN_

__RiP_ChAiN_

    Eh, whatever goes here.


  • Members
  • 1,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Omaha, Nebraska U.S.A
  • Local time:11:06 PM

Posted 25 April 2008 - 12:12 AM

Hello Vinny2Cool :thumbsup:

Copy the paths in quote below to the clipboard, highlight all of them right-click and choose copy, or highlight them and press Ctrl+C:

C:\Program Files\ITUNES\BAK
C:\Program Files\Synaptics\SYNTP\BAK
C:\WINDOWS\SYSTEM32\DLA\BAK
C:\Program Files\ADOBE\READER~1.0\READER\BAK


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 3, then press Enter.
Press any key to continue.
A Notepad document folders.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below the line and paste the list of paths that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive prompt to save the changes, click Yes.
The program will proceed with working.
It may take a few minutes to complete so be patient.
When the scan is finished, it will open a text file in notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.
Posted Image

#15 Vinny2Cool

Vinny2Cool
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 27 April 2008 - 05:31 PM

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Sun 04/27/2008
The current time is: 17:27:54.06


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users