
Snap.exe On Desktop - Pls Help


  • This topic is locked
20 replies to this topic

#1 Rekkel

Rekkel

  • Members
  • 12 posts

Posted 01 April 2008 - 09:40 AM

Hello

I have an application shortcut called "SNAP.EXE" on my desktop and I can't get rid of it. I am also getting pop-ups to install anti-spyware software and warnings from System Integrity Scan Wizard saying "warning: your computer may have critical errors in windows registry and file system".
I have followed all procedures recommended before I post but it still hasn't solved the problem. Below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:30, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [pwvsktsb] C:\WINDOWS\system32\kxqpgvmn.exe
O4 - HKCU\..\Run: [shcrqwtt] C:\WINDOWS\system32\mfqziteh.exe
O4 - HKCU\..\Run: [rlpatxgm] C:\WINDOWS\system32\ijmryjsz.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [EY2nXk91D1] C:\Documents and Settings\All Users\Application Data\whovcjyp\wzaxihkn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129486872515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134064576953
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9959 bytes

Thank you



#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland

Posted 02 April 2008 - 08:57 AM

Hello and welcome to BleepingComputer. :blink:

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once we're finished.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
When disabled, please download ResetTeaTimer.bat.
Double-click ResetTeaTimer.bat to remove all entries set by TeaTimer. This is done so it can be re-enabled without problems after cleaning.

---

Then... Please rerun a scan with HijackThis and check the following objects for removal:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [pwvsktsb] C:\WINDOWS\system32\kxqpgvmn.exe
O4 - HKCU\..\Run: [shcrqwtt] C:\WINDOWS\system32\mfqziteh.exe
O4 - HKCU\..\Run: [rlpatxgm] C:\WINDOWS\system32\ijmryjsz.exe
O4 - HKLM\..\Policies\Explorer\Run: [EY2nXk91D1] C:\Documents and Settings\All Users\Application Data\whovcjyp\wzaxihkn.exe


Now close ALL other open windows but HijackThis and hit FIX CHECKED. Exit HijackThis.

---

Next, please copy the following text from the quotebox below into a blank Notepad file. Make sure the file type is set to "All Files" and save it as delete.bat on your desktop.

@echo off
REM Clear the read-only/hidden attributes, then force-delete each dropped executable
attrib -r -h C:\WINDOWS\system32\kxqpgvmn.exe
del /a /f /q C:\WINDOWS\system32\kxqpgvmn.exe
attrib -r -h C:\WINDOWS\system32\mfqziteh.exe
del /a /f /q C:\WINDOWS\system32\mfqziteh.exe
attrib -r -h C:\WINDOWS\system32\ijmryjsz.exe
del /a /f /q C:\WINDOWS\system32\ijmryjsz.exe
REM Remove the dropper's folder under All Users\Application Data and everything in it
RD /s /q "C:\Documents and Settings\All Users\Application Data\whovcjyp"
REM The batch file removes itself from the desktop once it has run
del delete.bat
exit

Now double-click on the delete.bat on your desktop -- a window will pop up and close; this is normal.

---

Finally...

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. :thumbsup:

Hi there, stranger!
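The five entries picked for removal above share traits that are visible in the log itself: a BHO with no name and no file behind it, HKCU Run values whose names and executables are eight random lowercase letters sitting in system32, and a Policies\Explorer\Run launch point pointing into a random-named folder under All Users\Application Data. The script below is an added example, not code from this thread or from the HijackThis project; it parses O2/O4 lines and flags exactly those traits, using a constructed subset of the first log as input.

```python
"""Triage HijackThis O2/O4 entries for the patterns seen in this thread.

Added example, not code from the thread or from HijackThis: it encodes the
visible signals behind the five entries picked for removal in reply #2.
"""
import ntpath
import re
from typing import List, Tuple

# Constructed sample: a subset of the O2/O4 lines from the first HijackThis
# log in this thread, mixing benign entries with the five that were flagged.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [pwvsktsb] C:\WINDOWS\system32\kxqpgvmn.exe
O4 - HKCU\..\Run: [shcrqwtt] C:\WINDOWS\system32\mfqziteh.exe
O4 - HKCU\..\Run: [rlpatxgm] C:\WINDOWS\system32\ijmryjsz.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [EY2nXk91D1] C:\Documents and Settings\All Users\Application Data\whovcjyp\wzaxihkn.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.IGNORECASE)  # first .exe in the command
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """True for the eight-lowercase-letter gibberish names these droppers use.

    Two cheap tests: at most one vowel, or a run of four or more consonants.
    Ordinary eight-letter names such as "explorer" or "services" pass both.
    """
    if not re.fullmatch(r"[a-z]{8}", name):
        return False
    vowels = sum(ch in VOWELS for ch in name)
    consonant_runs = re.findall(r"[^aeiou]+", name)
    longest_run = max((len(run) for run in consonant_runs), default=0)
    return vowels <= 1 or longest_run >= 4


def check_o2(name: str, path: str) -> List[str]:
    """Reasons a Browser Helper Object entry deserves a closer look."""
    reasons = []
    if path == "(no file)":
        what = "unnamed " if name == "(no name)" else ""
        reasons.append(f"{what}BHO registered with no DLL on disk")
    return reasons


def check_o4(key: str, value: str, cmd: str) -> List[str]:
    """Reasons an O4 (autostart) entry deserves a closer look."""
    reasons = []
    if "Policies\\Explorer\\Run" in key:
        reasons.append("launch point is Policies\\Explorer\\Run, rarely used by legitimate software")
    if looks_random(value):
        reasons.append(f"random-looking value name '{value}'")
    match = EXE_RE.match(cmd)
    if match:
        exe = match.group("exe")
        stem = ntpath.splitext(ntpath.basename(exe))[0]
        parent = ntpath.basename(ntpath.dirname(exe))
        if looks_random(stem):
            reasons.append(f"random-looking executable name '{stem}.exe'")
        if looks_random(parent):
            reasons.append(f"random-looking folder name '{parent}'")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every O2/O4 entry worth a second look."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        o2 = O2_RE.match(line)
        o4 = O4_RE.match(line)
        if o2:
            reasons = check_o2(o2.group("name"), o2.group("path"))
        elif o4:
            reasons = check_o4(o4.group("key"), o4.group("value"), o4.group("cmd"))
        else:
            continue
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run against the constructed sample it returns exactly the five lines listed for "Fix checked" above and nothing else; the heuristics are a triage aid, so anything it flags still needs the usual file check before removal.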

#3 Rekkel

Rekkel
  • Topic Starter

  • Members
  • 12 posts

Posted 03 April 2008 - 07:12 AM

OK, here is the main.txt:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-03 14:01:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
89: 2008-04-03 12:01:32 UTC - RP587 - Deckard's System Scanner Restore Point
88: 2008-04-03 07:24:31 UTC - RP586 - System Checkpoint
87: 2008-04-02 01:27:25 UTC - RP585 - Removed AVG 7.5
86: 2008-04-01 23:49:12 UTC - RP584 - System Checkpoint
85: 2008-03-31 22:52:50 UTC - RP583 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2008-01-05 21:22:42 UTC - RP499 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 20.2 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:22, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129486872515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134064576953
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10551 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080403-135718-116 O4 - HKLM\..\Policies\Explorer\Run: [EY2nXk91D1] C:\Documents and Settings\All Users\Application Data\whovcjyp\wzaxihkn.exe
backup-20080403-135718-127 O4 - HKCU\..\Run: [pwvsktsb] C:\WINDOWS\system32\kxqpgvmn.exe
backup-20080403-135718-272 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080403-135718-302 O4 - HKCU\..\Run: [rlpatxgm] C:\WINDOWS\system32\ijmryjsz.exe
backup-20080403-135718-907 O4 - HKCU\..\Run: [shcrqwtt] C:\WINDOWS\system32\mfqziteh.exe

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,65
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.ini - inifile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,55
.reg - regfile - shell\open\command - regedit.exe"%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,57


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>

S3 pnicml - c:\docume~1\admini~1\locals~1\temp\pnicml.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 SysEnforce -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78
Service:


-- Files created between 2008-03-03 and 2008-04-03 -----------------------------

2008-04-02 03:41:01 0 d-------- C:\N360_BACKUP
2008-04-02 03:40:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-02 03:35:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-04-02 03:33:32 0 d-------- C:\Program Files\Windows Sidebar
2008-04-02 03:33:16 0 d-------- C:\Program Files\Norton 360
2008-04-02 03:32:31 0 d-------- C:\Program Files\Symantec
2008-04-02 03:32:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-02 03:29:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-02 03:00:46 0 d--hs---- C:\Documents and Settings\NetworkService\UserData
2008-04-01 16:32:10 0 d-------- C:\Program Files\Trend Micro
2008-04-01 09:50:56 0 d-------- C:\Documents and Settings\NetworkService\.housecall6.6
2008-04-01 09:41:57 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Sun
2008-04-01 09:38:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-04-01 09:38:42 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-04-01 09:32:46 0 d-------- C:\Documents and Settings\NetworkService\Application Data\yahoo!
2008-04-01 09:30:14 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-04-01 09:28:25 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-04-01 00:52:51 0 d-------- C:\Program Files\Lavasoft
2008-04-01 00:52:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 00:27:22 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-04-01 00:27:22 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-04-01 00:26:57 0 d-------- C:\Program Files\Sygate
2008-04-01 00:01:16 0 d-------- C:\WINDOWS\BDOSCAN8
2008-03-31 23:59:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2008-03-31 22:12:19 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-31 22:12:19 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-31 22:12:19 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-31 22:12:19 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-31 22:12:19 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-31 21:13:15 3184 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-31 20:19:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-31 20:19:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-31 19:33:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-31 19:32:37 0 d-------- C:\Program Files\Common Files\iS3
2008-03-31 19:32:36 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-31 19:28:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\RegClean
2008-03-31 19:28:16 0 d-------- C:\Program Files\RegClean
2008-03-28 11:47:33 0 d-------- C:\SIMON2
2008-03-28 11:45:25 0 d-------- C:\SIERRA
2008-03-28 10:00:35 0 d-------- C:\Buziol Games
2008-03-27 10:46:46 0 d-------- C:\Program Files\IA
2008-03-26 15:52:52 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2008-03-26 15:52:51 0 d-------- C:\Program Files\Trisnap Technologies
2008-03-26 15:36:49 0 d--h----- C:\WINDOWS\PIF
2008-03-25 11:07:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-03-25 10:58:14 0 d-------- C:\Program Files\Netcom3 Cleaner
2008-03-24 23:47:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 03:04:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-03-24 02:47:23 802816 --a------ C:\WINDOWS\feedingfrenzy.scr <Not Verified; Sprout Games, LLC; Feeding Frenzy>
2008-03-24 02:47:20 0 d-------- C:\My Download Files
2008-03-24 02:46:02 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-03-24 02:45:55 0 d-------- C:\Program Files\Real
2008-03-24 02:45:55 0 d-------- C:\Program Files\Common Files\Real
2008-03-24 02:24:40 398416 --a------ C:\WINDOWS\system\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-03-24 02:24:40 7008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
2008-03-24 02:24:40 72192 --a------ C:\WINDOWS\system\GSWDLL.DLL <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-03-24 02:24:40 38400 --a------ C:\WINDOWS\system\DDEML.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32thun.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32netode.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-24 01:25:28 4096 --a------ C:\WINDOWS\a.bat
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-24 01:25:27 4096 --a------ C:\WINDOWS\system32akttzn.exe


-- Find3M Report ---------------------------------------------------------------

2008-04-02 03:34:08 0 d-------- C:\Program Files\Common Files
2008-04-02 03:27:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-01 11:04:38 0 d-------- C:\Program Files\Messenger
2008-04-01 10:46:28 0 d-------- C:\Program Files\AlienGUIse
2008-03-31 22:05:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\social.im
2008-03-31 21:59:00 0 d-------- C:\Program Files\Google
2008-03-31 21:44:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-31 21:44:51 0 d-------- C:\Program Files\Canon
2008-03-28 18:37:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-03-28 09:33:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\GrabIt
2008-03-25 00:13:30 0 d-------- C:\Program Files\Snowy The Bears Adventure
2008-03-24 01:46:05 1171 --a------ C:\WINDOWS\mozver.dat
2008-02-24 23:25:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-02-13 20:52:16 0 d-------- C:\Program Files\Player
2008-02-12 12:29:49 0 d-------- C:\Program Files\GrabIt
2008-02-10 13:54:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-04 20:59:56 0 d-------- C:\Program Files\Zylom Games
2008-02-04 19:41:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-02-04 14:11:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-02-04 14:11:13 0 d-------- C:\Program Files\Java
2008-02-04 14:10:03 0 d-------- C:\Program Files\Common Files\Java
2008-02-04 11:20:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\TransRender
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
24/02/2008 04:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
02/04/2008 03:34 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [24/02/2008 04:08 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [05/06/2003 16:49 C:\WINDOWS\system32\ptipbmf.dll]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [14/09/2005 22:05]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [05/05/2003 09:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 13:50]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [12/08/2005 16:43]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 03:07 C:\WINDOWS\system32\bthprops.cpl]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 16:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 03:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [12/01/2008 00:16]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" []
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [15/10/2004 19:40]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/02/2008 21:37]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [26/02/2008 16:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 03:07]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 19:43]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 16:59]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30/01/2008 12:31]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 21/12/2001 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48d07754-dd86-11dc-9be9-000ea67065fa}]
Auto\command- driver.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL driver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5f788be-1380-11dc-9a84-000ea67065fa}]
Auto\command- RavMon.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edeaefba-e3ec-11dc-9bf0-000ea67065fa}]
AutoRun\command- F:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb89e9a-1699-11dc-9a89-001195fac336}]
Auto\command- RavMon.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

*Newly Created Service* - COH_MON
*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-03 14:03:22 ------------

And here is the extra.txt...

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 2800+
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1534.72 MiB / 957.26 MiB
Pagefile Memory (total/avail): 2152.8 MiB / 1670.46 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.48 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 20.2 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Promise 1+0 Stripe/RAID0 SCSI Disk Device - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\World of Warcraft\\WoW-1.8.0-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.8.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.8.4-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.8.4-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\2BS3LENU\\WOW_Snow_EG-downloader[1].exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\2BS3LENU\\WOW_Snow_EG-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\9S1HNP1N\\WOW_Rain_EG-downloader[1].exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\9S1HNP1N\\WOW_Rain_EG-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.9.0-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.9.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-0.10.0.5140-enGB-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-0.10.0.5140-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\G1YNOLUJ\\AhnQiraj_GB_English-downloader[1].exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\G1YNOLUJ\\AhnQiraj_GB_English-downloader[1].exe:*:Enabled:Blizzard Downloader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\GrabIt\\GrabIt.exe"="C:\\Program Files\\GrabIt\\GrabIt.exe:*:Enabled:GrabIt"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\~os64.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\~os64.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RYAN-37D041D690
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\RYAN-37D041D690
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=RYAN-37D041D690
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AlienGUIse --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{8270831B-8F2F-4B65-8E2C-9712054C38D1}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon Internet Library for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
DG834 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Netgear\DG834\DeIsL5.isu" -cC:\PROGRA~1\Netgear\DG834\_ISREG32.DLL
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GrabIt 1.7.1 Beta (build 960) --> "C:\Program Files\GrabIt\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\GrabIt\Drivers\Properties\movies\HijackThis.exe" /uninstall
HouseCall 6.6 --> "C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6\uninstaller.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Mario Forever v 2.16 ! --> C:\Buziol Games\Mario Forever\UnMario.exe
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Samsung Samples Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x9 -removeonly
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Uru - Ages Beyond Myst --> "C:\Program Files\Ubi Soft\Cyan Worlds\Uru - Ages Beyond Myst\UninstallerData\Uninstall Uru - Ages Beyond Myst.exe"
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3258 / Error
Event Submitted/Written: 03/31/2008 09:47:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application regsvr32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3257 / Error
Event Submitted/Written: 03/31/2008 09:46:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3254 / Error
Event Submitted/Written: 03/31/2008 09:39:46 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3253 / Error
Event Submitted/Written: 03/31/2008 09:38:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3252 / Error
Event Submitted/Written: 03/31/2008 09:37:46 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 10.0.6838.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type64284 / Error
Event Submitted/Written: 04/03/2008 01:43:37 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SysEnforce service failed to start due to the following error:
%%3

Event Record #/Type64251 / Warning
Event Submitted/Written: 04/03/2008 04:48:33 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type64244 / Error
Event Submitted/Written: 04/03/2008 02:53:47 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom1, has a bad block.

Event Record #/Type64243 / Error
Event Submitted/Written: 04/03/2008 02:53:09 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom1, has a bad block.

Event Record #/Type64242 / Error
Event Submitted/Written: 04/03/2008 02:52:44 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom1, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-04-03 14:03:22 ------------

Thank you so much for all your help so far :thumbsup:

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:12 AM

Posted 03 April 2008 - 08:05 AM

Hi again. :blink:

You seem to have two firewalls.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
FW: Norton 360 v2007 (SYMANTEC Corporation)

Please choose either Norton or Sygate for a firewall and only use one active at a time. I would suggest uninstalling the other now. Two WILL cause conflicts.

Also, PLEASE MAKE SURE SpyBot S&D TeaTimer is shut down as instructed earlier. It will prevent some of the fixes otherwise.

--

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\userconfig9x.dll
    C:\WINDOWS\system32winlogonpc.exe
    C:\WINDOWS\system32thun32.dll
    C:\WINDOWS\system32thun.dll
    C:\WINDOWS\system32temp#01.exe
    C:\WINDOWS\system32taack.exe
    C:\WINDOWS\system32taack.dat
    C:\WINDOWS\system32ssvchost.exe
    C:\WINDOWS\system32ssvchost.com
    C:\WINDOWS\system32ssurf022.dll
    C:\WINDOWS\system32sncntr.exe
    C:\WINDOWS\system32Rundl1.exe
    C:\WINDOWS\system32regm64.dll
    C:\WINDOWS\system32regc64.dll
    C:\WINDOWS\system32psoft1.exe
    C:\WINDOWS\system32psof1.exe
    C:\WINDOWS\system32ps1.exe
    C:\WINDOWS\system32netode.exe
    C:\WINDOWS\system32mwin32.exe
    C:\WINDOWS\system32mtr2.exe
    C:\WINDOWS\system32msvchost.exe
    C:\WINDOWS\system32msnbho.dll
    C:\WINDOWS\system32msgp.exe
    C:\WINDOWS\system32medup020.dll
    C:\WINDOWS\system32medup012.dll
    C:\WINDOWS\system32hxiwlgpm.exe
    C:\WINDOWS\system32hxiwlgpm.dat
    C:\WINDOWS\system32hoproxy.dll
    C:\WINDOWS\system32h@tkeysh@@k.dll
    C:\WINDOWS\system32dpcproxy.exe
    C:\WINDOWS\system32bsva-egihsg52.exe
    C:\WINDOWS\FVProtect.exe
    C:\WINDOWS\a.bat
    C:\WINDOWS\winsystem.exe
    C:\WINDOWS\system32WINWGPX.EXE
    C:\WINDOWS\system32winsystem.exe
    C:\WINDOWS\system32vcatchpi.dll
    C:\WINDOWS\system32vbsys2.dll
    C:\WINDOWS\system32sysreq.exe
    C:\WINDOWS\system32newsd32.exe
    C:\WINDOWS\system32mssecu.exe
    C:\WINDOWS\system32emesx.dll
    C:\WINDOWS\system32bdn.com
    C:\WINDOWS\system32awtoolb.dll
    C:\WINDOWS\system32anticipator.dll
    C:\WINDOWS\system32akttzn.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

----

Then..

Go to Start » Run » type in: regedit » OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to File » Export
    Make sure in that window there is a tick next to "All" under Export Branch.
    Leave the "Save As Type" as "Registration Files".
    Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click Save and then go to File » Exit.
This is so the registry can be restored to this point if we need it. It may take a minute.

Next, please copy the following text in the quotebox below to a blank notepad file. Make sure the filetype is set to "All Files" and save it as Fixit.reg on your desktop.

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48d07754-dd86-11dc-9be9-000ea67065fa}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5f788be-1380-11dc-9a84-000ea67065fa}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edeaefba-e3ec-11dc-9bf0-000ea67065fa}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb89e9a-1699-11dc-9a89-001195fac336}]

Now double-click on the Fixit.reg on your desktop and allow it to merge with registry by clicking YES on the prompt.

If SpyBot is still active and asks about a registry change when doing this, please allow it.

Finally, please rerun DSS and post back with a fresh log once done. :thumbsup:
Hi there, stranger!

#5 Rekkel

Rekkel
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:12 AM

Posted 03 April 2008 - 07:22 PM

Hi again.

I unchecked the wrong box in Spybot. Sorry, got the right one now. Done everything else now except for the last part. When I double-click on the Fixit.reg file on my desktop it's prompting which program to open it with? I don't know

Thanks

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:12 AM

Posted 04 April 2008 - 03:24 AM

Let's disregard that for a moment. :thumbsup:

Please follow the instructions for running ComboFix here and post back with its log.
Hi there, stranger!

#7 Rekkel

Rekkel
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:12 AM

Posted 04 April 2008 - 05:33 AM

Ok here it is ... :thumbsup:

ComboFix 08-04-03.3 - Administrator 2008-04-04 12:16:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1061 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\base64.tmp
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 02:11 . 2008-04-04 02:11 90,085,434 --a------ C:\RegBackup.reg
2008-04-04 01:31 . 2008-04-04 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:00 . 2008-04-03 14:00 <DIR> d-------- C:\Deckard
2008-04-02 03:41 . 2008-04-02 03:41 <DIR> d-------- C:\N360_BACKUP
2008-04-02 03:40 . 2008-04-02 15:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-02 03:35 . 2008-04-02 03:35 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-04-02 03:32 . 2008-04-04 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-02 03:29 . 2008-04-04 01:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-02 03:00 . 2008-04-02 03:00 <DIR> d--hs---- C:\Documents and Settings\NetworkService\UserData
2008-04-01 16:32 . 2008-04-01 16:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-01 16:32 . 2008-04-01 16:32 1,612 --a------ C:\HijackThis.lnk
2008-04-01 09:50 . 2008-04-01 10:40 <DIR> d-------- C:\Documents and Settings\NetworkService\.housecall6.6
2008-04-01 09:39 . 2008-04-01 09:39 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-04-01 09:38 . 2008-04-01 11:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-04-01 09:38 . 2008-04-01 09:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-04-01 09:38 . 2008-04-01 09:39 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-04-01 09:32 . 2008-04-01 09:32 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\yahoo!
2008-04-01 00:52 . 2008-04-01 00:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-01 00:52 . 2008-04-01 00:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 00:27 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-04-01 00:27 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-04-01 00:27 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-04-01 00:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-04-01 00:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-04-01 00:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-04-01 00:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-04-01 00:26 . 2008-04-01 00:26 <DIR> d-------- C:\Program Files\Sygate
2008-04-01 00:23 . 2008-04-01 09:52 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-01 00:14 . 2008-04-01 00:14 98 --a------ C:\WINDOWS\wininit.ini
2008-04-01 00:01 . 2008-04-01 04:41 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-31 23:59 . 2008-04-01 05:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2008-03-31 22:12 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-31 22:12 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-31 22:12 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-31 22:12 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-31 22:12 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-31 21:13 . 2008-03-31 22:12 3,184 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-31 20:19 . 2008-03-31 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-31 20:19 . 2008-03-31 20:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-31 19:33 . 2008-03-31 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-31 19:32 . 2008-03-31 19:32 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-03-31 19:32 . 2008-03-31 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-31 19:28 . 2008-03-31 22:05 <DIR> d-------- C:\Program Files\RegClean
2008-03-31 19:28 . 2008-03-31 19:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\RegClean
2008-03-30 17:59 . 2008-03-31 11:34 82 --a------ C:\WINDOWS\mafosav.INI
2008-03-28 11:47 . 2008-03-28 11:52 <DIR> d-------- C:\SIMON2
2008-03-28 11:45 . 2008-03-28 11:45 <DIR> d-------- C:\SIERRA
2008-03-28 10:00 . 2008-03-28 10:00 <DIR> d-------- C:\Buziol Games
2008-03-27 10:46 . 2008-03-27 10:46 <DIR> d-------- C:\Program Files\IA
2008-03-26 15:52 . 2008-03-26 15:52 <DIR> d-------- C:\Program Files\Trisnap Technologies
2008-03-26 15:52 . 2004-03-09 01:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-03-26 15:52 . 2006-04-13 22:05 159,744 --a------ C:\WINDOWS\system32\hasher.dll
2008-03-26 15:36 . 2008-03-26 15:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-25 11:07 . 2008-03-25 11:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-03-25 10:58 . 2008-03-26 15:36 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2008-03-24 23:47 . 2008-04-01 11:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-24 23:47 . 2008-04-01 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 04:23 . 2008-03-24 23:32 144 --a------ C:\WINDOWS\7THLEVEL.INI
2008-03-24 03:04 . 2008-03-24 03:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-03-24 02:47 . 2008-03-25 00:01 <DIR> d-------- C:\My Download Files
2008-03-24 02:47 . 2008-03-24 02:47 802,816 --a------ C:\WINDOWS\feedingfrenzy.scr
2008-03-24 02:46 . 2008-03-24 02:45 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-03-24 02:45 . 2008-03-24 02:45 <DIR> d-------- C:\Program Files\Real
2008-03-24 02:45 . 2008-03-25 00:23 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-24 02:24 . 1994-08-28 14:33 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2008-03-24 02:24 . 1993-04-28 00:00 72,192 --a------ C:\WINDOWS\system\GSWDLL.DLL
2008-03-24 02:24 . 1993-04-28 00:00 70,800 --a------ C:\WINDOWS\system\GRAPH.VBX
2008-03-24 02:24 . 1993-04-28 00:00 64,544 --a------ C:\WINDOWS\system\THREED.VBX
2008-03-24 02:24 . 1992-10-21 07:00 38,400 --a------ C:\WINDOWS\system\DDEML.DLL
2008-03-24 02:24 . 1993-04-28 00:00 31,440 --a------ C:\WINDOWS\system\GAUGE.VBX
2008-03-24 02:24 . 1993-04-28 00:00 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
2008-03-24 02:24 . 2008-03-24 02:24 144 --a------ C:\WINDOWS\SEXYB.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 09:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-03 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-02 01:27 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-01 08:46 --------- d-----w C:\Program Files\AlienGUIse
2008-03-31 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 20:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\social.im
2008-03-31 19:59 --------- d-----w C:\Program Files\Google
2008-03-31 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 19:44 --------- d-----w C:\Program Files\Canon
2008-03-28 16:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-03-28 07:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GrabIt
2008-03-24 22:13 --------- d-----w C:\Program Files\Snowy The Bears Adventure
2008-02-24 21:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-02-13 18:52 --------- d-----w C:\Program Files\Player
2008-02-12 10:29 --------- d-----w C:\Program Files\GrabIt
2008-02-10 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 18:59 --------- d-----w C:\Program Files\Zylom Games
2008-02-04 12:11 --------- d-----w C:\Program Files\Java
2008-02-04 12:10 --------- d-----w C:\Program Files\Common Files\Java
2008-02-04 09:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TransRender
2008-01-09 13:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-01-11 15:07 58,032,562 ----a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
2005-12-06 22:56 17,144 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 19:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 16:59 224248]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-30 12:31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 16:49 118784 C:\WINDOWS\system32\ptipbmf.dll]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 22:05 344064]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 16:43 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 110592 C:\WINDOWS\system32\bthprops.cpl]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 16:59 224248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 00:16 39792]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [ ]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-04 01:31 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-04 01:31 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:07 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-0.10.0.5140-enGB-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\GrabIt\\GrabIt.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 13:17]
S3 pnicml;pnicml;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pnicml.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 19:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 19:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 19:59]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48d07754-dd86-11dc-9be9-000ea67065fa}]
\Shell\Auto\command - driver.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL driver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5f788be-1380-11dc-9a84-000ea67065fa}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb89e9a-1699-11dc-9a89-001195fac336}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 12:20:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-04-04 12:22:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 10:22:25
Pre-Run: 21,671,911,424 bytes free
Post-Run: 21,598,797,824 bytes free
.
2008-03-22 01:02:02 --- E O F ---

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:12 AM

Posted 04 April 2008 - 05:45 AM

Hi again. :thumbsup:

Please open notepad and copy/paste the text in the quotebox into it

Driver::
pnicml

File::
C:\WINDOWS\SEXYB.INI
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pnicml.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48d07754-dd86-11dc-9be9-000ea67065fa}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5f788be-1380-11dc-9a84-000ea67065fa}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edeaefba-e3ec-11dc-9bf0-000ea67065fa}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeb89e9a-1699-11dc-9a89-001195fac336}]


Save it as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Hi there, stranger!
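The two MountPoints2 entries in the ComboFix log above (autorun commands that launch driver.exe and RavMon.exe from a removable volume) are exactly the keys Rawe's CFScript removes. As an added example, not from the thread or from any of the tools it uses, this Python script parses that section of a ComboFix log, flags entries whose autorun command starts a program named relative to the volume itself, and emits the matching `Registry::` deletion block; the sample log text is constructed from the entries quoted above.

```python
import re

# Constructed sample in the shape of the "Reg Loading Points" section of the
# ComboFix log above: the two removable-drive entries it listed, plus one
# ordinary Run key to show that unrelated keys are ignored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48d07754-dd86-11dc-9be9-000ea67065fa}]
\Shell\Auto\command - driver.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL driver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5f788be-1380-11dc-9a84-000ea67065fa}]
\Shell\Auto\command - RavMon.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"""

# A MountPoints2 key line as ComboFix prints it: [HKCU\...\mountpoints2\{GUID}]
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.IGNORECASE)
# The per-key lines that follow it: \Shell\<verb>\command - <command line>
CMD_RE = re.compile(r"^(\\Shell\\[^ ]+\\command) - (.+)$", re.IGNORECASE)


def parse_mountpoints(log_text):
    """Return {mountpoints2 key: [(subkey, command), ...]} for every
    MountPoints2 entry the log lists, in log order."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, [])
            continue
        if line.startswith("["):       # any other registry key ends the entry
            current = None
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group(1), m.group(2)))
    return entries


def launched_program(command):
    """The program an autorun command actually starts: the argument handed to
    ShellExec_RunDLL when rundll32 is used as the launcher, else the first
    token of the command line."""
    marker = "shellexec_rundll"
    low = command.lower()
    if marker in low:
        command = command[low.index(marker) + len(marker):]
    tokens = command.split()
    return tokens[0] if tokens else ""


def is_volume_relative(program):
    """True when the program has no drive, UNC or %var% prefix, so Explorer
    resolves it against the root of the volume being mounted (the pattern of
    a removable-drive autorun infection)."""
    return not re.match(r"^([a-z]:\\|\\\\|%)", program, re.IGNORECASE)


def suspicious_keys(entries):
    """MountPoints2 keys whose autorun command starts a volume-relative program."""
    return [key for key, cmds in entries.items()
            if any(is_volume_relative(launched_program(c)) for _, c in cmds)]


def build_cfscript(keys):
    """CFScript 'Registry::' block deleting the given keys, in the [-KEY]
    form used in the thread (a leading '-' marks a key for deletion)."""
    return "Registry::\n" + "\n".join("[-%s]" % k for k in keys) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    flagged = suspicious_keys(found)
    for key in flagged:
        for subkey, cmd in found[key]:
            print("%s %s -> %s" % (key[-38:], subkey, launched_program(cmd)))
    print(build_cfscript(flagged))
```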

#9 Rekkel

Rekkel
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:12 AM

Posted 04 April 2008 - 06:18 AM

Here we are :thumbsup:

ComboFix 08-04-03.3 - Administrator 2008-04-04 13:09:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1084 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pnicml.sys
C:\WINDOWS\SEXYB.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SEXYB.INI

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PNICML
-------\Service_pnicml


((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 02:11 . 2008-04-04 02:11 90,085,434 --a------ C:\RegBackup.reg
2008-04-04 01:31 . 2008-04-04 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:00 . 2008-04-03 14:00 <DIR> d-------- C:\Deckard
2008-04-02 03:41 . 2008-04-02 03:41 <DIR> d-------- C:\N360_BACKUP
2008-04-02 03:40 . 2008-04-02 15:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-02 03:35 . 2008-04-02 03:35 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-04-02 03:32 . 2008-04-04 01:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-02 03:29 . 2008-04-04 01:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-02 03:00 . 2008-04-02 03:00 <DIR> d--hs---- C:\Documents and Settings\NetworkService\UserData
2008-04-01 16:32 . 2008-04-01 16:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-01 16:32 . 2008-04-01 16:32 1,612 --a------ C:\HijackThis.lnk
2008-04-01 09:50 . 2008-04-01 10:40 <DIR> d-------- C:\Documents and Settings\NetworkService\.housecall6.6
2008-04-01 09:39 . 2008-04-01 09:39 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-04-01 09:38 . 2008-04-01 11:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-04-01 09:38 . 2008-04-01 09:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-04-01 09:38 . 2008-04-01 09:39 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-04-01 09:32 . 2008-04-01 09:32 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\yahoo!
2008-04-01 00:52 . 2008-04-01 00:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-01 00:52 . 2008-04-01 00:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 00:27 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-04-01 00:27 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-04-01 00:27 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-04-01 00:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-04-01 00:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-04-01 00:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-04-01 00:27 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-04-01 00:26 . 2008-04-01 00:26 <DIR> d-------- C:\Program Files\Sygate
2008-04-01 00:23 . 2008-04-01 09:52 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-01 00:14 . 2008-04-01 00:14 98 --a------ C:\WINDOWS\wininit.ini
2008-04-01 00:01 . 2008-04-01 04:41 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-31 23:59 . 2008-04-01 05:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2008-03-31 22:12 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-31 22:12 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-31 22:12 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-31 22:12 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-31 22:12 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-31 21:13 . 2008-03-31 22:12 3,184 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-31 20:19 . 2008-03-31 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-31 20:19 . 2008-03-31 20:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-31 19:33 . 2008-03-31 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-31 19:32 . 2008-03-31 19:32 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-03-31 19:32 . 2008-03-31 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-31 19:28 . 2008-03-31 22:05 <DIR> d-------- C:\Program Files\RegClean
2008-03-31 19:28 . 2008-03-31 19:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\RegClean
2008-03-30 17:59 . 2008-03-31 11:34 82 --a------ C:\WINDOWS\mafosav.INI
2008-03-28 11:47 . 2008-03-28 11:52 <DIR> d-------- C:\SIMON2
2008-03-28 11:45 . 2008-03-28 11:45 <DIR> d-------- C:\SIERRA
2008-03-28 10:00 . 2008-03-28 10:00 <DIR> d-------- C:\Buziol Games
2008-03-27 10:46 . 2008-03-27 10:46 <DIR> d-------- C:\Program Files\IA
2008-03-26 15:52 . 2008-03-26 15:52 <DIR> d-------- C:\Program Files\Trisnap Technologies
2008-03-26 15:52 . 2004-03-09 01:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-03-26 15:52 . 2006-04-13 22:05 159,744 --a------ C:\WINDOWS\system32\hasher.dll
2008-03-26 15:36 . 2008-03-26 15:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-25 11:07 . 2008-03-25 11:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-03-25 10:58 . 2008-03-26 15:36 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2008-03-24 23:47 . 2008-04-01 11:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-24 23:47 . 2008-04-01 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 04:23 . 2008-03-24 23:32 144 --a------ C:\WINDOWS\7THLEVEL.INI
2008-03-24 03:04 . 2008-03-24 03:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-03-24 02:47 . 2008-03-25 00:01 <DIR> d-------- C:\My Download Files
2008-03-24 02:47 . 2008-03-24 02:47 802,816 --a------ C:\WINDOWS\feedingfrenzy.scr
2008-03-24 02:46 . 2008-03-24 02:45 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-03-24 02:45 . 2008-03-24 02:45 <DIR> d-------- C:\Program Files\Real
2008-03-24 02:45 . 2008-03-25 00:23 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-24 02:24 . 1994-08-28 14:33 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2008-03-24 02:24 . 1993-04-28 00:00 72,192 --a------ C:\WINDOWS\system\GSWDLL.DLL
2008-03-24 02:24 . 1993-04-28 00:00 70,800 --a------ C:\WINDOWS\system\GRAPH.VBX
2008-03-24 02:24 . 1993-04-28 00:00 64,544 --a------ C:\WINDOWS\system\THREED.VBX
2008-03-24 02:24 . 1992-10-21 07:00 38,400 --a------ C:\WINDOWS\system\DDEML.DLL
2008-03-24 02:24 . 1993-04-28 00:00 31,440 --a------ C:\WINDOWS\system\GAUGE.VBX
2008-03-24 02:24 . 1993-04-28 00:00 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 09:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-03 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-02 01:27 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-01 08:46 --------- d-----w C:\Program Files\AlienGUIse
2008-03-31 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 20:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\social.im
2008-03-31 19:59 --------- d-----w C:\Program Files\Google
2008-03-31 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 19:44 --------- d-----w C:\Program Files\Canon
2008-03-28 16:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-03-28 07:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GrabIt
2008-03-24 22:13 --------- d-----w C:\Program Files\Snowy The Bears Adventure
2008-02-24 21:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-02-13 18:52 --------- d-----w C:\Program Files\Player
2008-02-12 10:29 --------- d-----w C:\Program Files\GrabIt
2008-02-10 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 18:59 --------- d-----w C:\Program Files\Zylom Games
2008-02-04 12:11 --------- d-----w C:\Program Files\Java
2008-02-04 12:10 --------- d-----w C:\Program Files\Common Files\Java
2008-02-04 09:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TransRender
2008-01-09 13:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-01-11 15:07 58,032,562 ----a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
2005-12-06 22:56 17,144 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 19:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 16:59 224248]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-30 12:31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 16:49 118784 C:\WINDOWS\system32\ptipbmf.dll]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 22:05 344064]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 16:43 45056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 110592 C:\WINDOWS\system32\bthprops.cpl]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 16:59 224248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 00:16 39792]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [ ]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-04 01:31 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-04 01:31 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:07 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.0-enGB-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-0.10.0.5140-enGB-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\GrabIt\\GrabIt.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 13:17]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 19:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 19:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 19:59]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 13:13:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-04-04 13:15:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 11:15:14
ComboFix2.txt 2008-04-04 10:22:29
Pre-Run: 21,650,690,048 bytes free
Post-Run: 21,641,068,544 bytes free
.
2008-03-22 01:02:02 --- E O F ---

#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:12 AM

Posted 04 April 2008 - 06:23 AM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They should have the following icon next to them: [icon image]
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.
Now to clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings button.
  • Then click Delete Files...
  • There are two options in the window to clear the cache - Leave BOTH checked:
    • Applications and Applets
    • Trace and Log Files

  • Click OK on Delete Temporary Files window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
------

Please post a fresh HijackThis log and let me know how the system is running at this point :thumbsup:
Hi there, stranger!

#11 Rekkel

Rekkel
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 04 April 2008 - 07:05 AM

Hi there.

Well, the pop-ups stating that I have spyware on my PC and the system integrity scan wizard pop-up seem to have gone :thumbsup:

I am still unable to remove the SNAP.EXE app that is on my desktop. Below is my new HijackThis log; thanks again for all your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:44, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129486872515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134064576953
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9197 bytes

#12 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:12 AM

Posted 04 April 2008 - 07:12 AM

Please download FileFind by Atribune and save it to your desktop.
  • Right-click the zip file and click "Extract All"
  • Double-click FileFind.exe to run the tool.
  • Leave the directory setting to C:\
  • Enter this filename for a search:
    • snap.exe
  • As the search finishes, click Export and a Notepad page will open with the results.
  • Copy the contents of both those search results into the next reply. :thumbsup:

Hi there, stranger!

#13 Rekkel

Rekkel
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 04 April 2008 - 07:19 AM

Ok here we are

C:\Documents and Settings\Administrator\Desktop\SNAP.EXE - 8732 Bytes

1 Files found in 4800 Directories

#14 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:12 AM

Posted 04 April 2008 - 07:22 AM

Alrighty. :thumbsup:

Please copy the following text in the quotebox below to a blank notepad file. Make sure the filetype is set to "All Files" and save it as delete.bat on your desktop.

@echo off
rem the path contains spaces, so it must be quoted or attrib/del see several arguments
attrib -r -h "C:\Documents and Settings\Administrator\Desktop\SNAP.EXE"
del /a /f /q "C:\Documents and Settings\Administrator\Desktop\SNAP.EXE"
rem remove this batch file itself (%~f0 expands to its own full path)
del "%~f0"
exit

Now double-click on the delete.bat on your desktop -- a window will popup and close, this is normal.

Snap.exe still there?
Hi there, stranger!

#15 Rekkel

Rekkel
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 04 April 2008 - 07:28 AM

Ok, I tried it; snap.exe is still there. When I try Shift+Del on it, it says it is in use by another person or program.
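The batch file a few posts up and the "in use" error reported here are two halves of the same problem: clear the read-only bit, delete the file, and find out why deletion fails. As an added Python example (not from either poster in this thread), a function that does both and reports the failure mode instead of exiting silently; the sample file it creates and the error-code constant are assumptions, not taken from the thread.

```python
import os
import stat
import tempfile
from pathlib import Path

# Documented Windows error code carried in PermissionError.winerror; Explorer
# reports it as "in use by another person or program".
ERROR_SHARING_VIOLATION = 32


def remove_stubborn_file(path):
    """Mirror 'attrib -r -h' followed by 'del /a /f /q' on one file.

    Returns 'deleted', 'missing', 'locked' (held open by a process) or
    'denied' (permissions/ACL problem) rather than failing silently the way
    the batch file does.
    """
    target = Path(path)          # one string, so spaces in the path are safe
    if not target.is_file():
        return "missing"
    # attrib -r: on Windows os.chmod() only toggles the read-only bit, which is
    # all that is needed here; on POSIX it restores owner write permission.
    os.chmod(target, target.stat().st_mode | stat.S_IWRITE)
    # 'del /a' is needed because plain 'del' skips hidden files; unlink() has
    # no such filter, so the hidden attribute (-h) needs no separate step.
    try:
        target.unlink()
    except PermissionError as exc:
        if getattr(exc, "winerror", None) == ERROR_SHARING_VIOLATION:
            return "locked"
        return "denied"
    return "deleted"


def make_sample_file():
    """Create a constructed read-only SNAP.EXE in a temp dir; return its path."""
    sample = Path(tempfile.mkdtemp()) / "SNAP.EXE"
    sample.write_bytes(b"constructed sample, not the real file")
    sample.chmod(stat.S_IREAD)   # equivalent of 'attrib +r'
    return str(sample)


if __name__ == "__main__":
    sample = make_sample_file()
    print(sample, "->", remove_stubborn_file(sample))   # deleted
    print(sample, "->", remove_stubborn_file(sample))   # missing
```

A 'locked' result means some process still has the file open, which is exactly the case a batch file cannot get past; deletion then needs the holder closed first (for example by deleting from Safe Mode or a recovery environment).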



