
Cid / 888 Adware Infestation


This topic is locked. 15 replies to this topic.

#1 #DespeRATE


Posted 15 April 2008 - 03:18 AM

Hi all.

Hope you can help me down here. Greatly appreciated.

Some time back, maybe 3 days ago, I was attacked by some CiD / 888 adware.
Norton, Spyware Doctor and Spybot Search & Destroy detected none of the adware.

The main.txt is attached below; for some reason or another, there is no extra.txt.
_______________________________________________________________________

Following is the main.txt:

Deckard's System Scanner v20071014.68
Run by Mr Garrick on 2008-04-15 16:10:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-15 16:11:24
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\LogonUI.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\wisptis.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Users\Mr Garrick\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WaitDrv] "C:\ProgramData\wipe22.ofjnsd4"
O4 - HKCU\..\Run: [Pure Team Open Exit] "C:\ProgramData\Spam Body Mp3.dyi1b0"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 11412 bytes

-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-14 16:55:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-14 16:32:09 318 --a------ C:\delete.bat
2008-04-08 16:42:21 0 d--h----- C:\485a55da
2008-04-07 22:17:02 0 d-------- C:\Users\All Users\NextUp
2008-04-07 19:52:07 0 d-------- C:\Program Files\Spyware Doctor
2008-04-05 09:59:01 0 d-------- C:\Users\All Users\Messenger Plus!
2008-04-05 09:56:44 0 d-------- C:\Users\All Users\Option Camp Pure Team
2008-04-05 09:56:18 0 d-------- C:\Users\All Users\GrimProc
2008-04-05 09:55:55 0 d-------- C:\Program Files\Circle Developement
2008-04-05 09:55:48 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-01 17:22:41 0 d-------- C:\Users\All Users\Apple
2008-04-01 17:22:41 0 d-------- C:\Program Files\Apple Software Update
2008-03-29 09:13:41 0 d--h----- C:\Windows\msdownld.tmp
2008-03-29 09:13:36 0 d-------- C:\Windows\system32\directx
2008-03-28 20:50:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 22:08:09 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-26 21:58:23 0 d-------- C:\Users\Mr Garrick\Tracing
2008-03-25 17:16:17 0 d-------- C:\Program Files\The Game Creators
2008-03-25 17:14:50 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-22 19:45:13 0 d-------- C:\Program Files\AlphaZIP
2008-03-21 12:47:39 0 d-------- C:\Program Files\Vstplugins
2008-03-21 12:47:07 0 d-------- C:\Users\All Users\Sony
2008-03-21 12:45:38 0 d-------- C:\Program Files\Sony
2008-03-21 12:39:40 0 d-------- C:\Windows\system32\appmgmt
2008-03-20 21:19:14 0 d-------- C:\Program Files\Sony Setup
2008-03-20 07:55:13 0 dr------- C:\Users\Guest1\Searches
2008-03-20 07:54:51 0 dr------- C:\Users\Guest1\Contacts
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Templates
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Start Menu
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\SendTo
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Recent
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\PrintHood
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\NetHood
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\My Documents
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Local Settings
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Cookies
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Application Data
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Videos
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Saved Games
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Pictures
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Music
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Links
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Favorites
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Downloads
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Documents
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Desktop
2008-03-20 07:54:24 0 d--h----- C:\Users\Guest1\AppData
2008-03-20 07:54:23 524288 --ahs---- C:\Users\Guest1\NTUSER.DAT
2008-03-18 17:37:52 0 d-a------ C:\Users\All Users\TEMP
2008-03-18 16:08:02 0 d-------- C:\Users\All Users\pI3demoLicense
2008-03-18 07:58:22 0 dr------- C:\Users\Guest\Searches
2008-03-18 07:58:04 0 dr------- C:\Users\Guest\Contacts
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Templates
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Start Menu
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\SendTo
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Recent
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\PrintHood
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\NetHood
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\My Documents
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Local Settings
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Cookies
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Application Data
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Videos
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Saved Games
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Pictures
2008-03-18 07:57:49 786432 --ahs---- C:\Users\Guest\NTUSER.DAT
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Music
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Links
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Favorites
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Downloads
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Documents
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Desktop
2008-03-18 07:57:49 0 d--h----- C:\Users\Guest\AppData
2008-03-15 17:41:26 0 d-------- C:\Program Files\EUSING~1
2008-03-15 09:40:52 0 d-------- C:\Program Files\MSXML 4.0


-- Find3M Report ---------------------------------------------------------------

2008-04-15 16:06:26 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\uTorrent
2008-04-08 18:41:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-07 19:52:07 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\PC Tools
2008-03-28 20:50:58 0 d-------- C:\Program Files\Common Files
2008-03-27 18:03:31 0 d-------- C:\Program Files\Windows Live
2008-03-26 22:03:48 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-18 17:38:21 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Publish Providers
2008-03-18 17:37:43 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Sony
2008-03-16 23:03:32 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Adobe
2008-03-16 23:01:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-14 17:34:55 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Symantec
2008-03-14 08:45:29 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Macrovision
2008-03-14 08:43:40 0 d-------- C:\Program Files\Norton 360
2008-03-13 22:15:07 0 d-------- C:\Program Files\YouTube Downloader 3000
2008-03-13 22:07:14 0 d-------- C:\Program Files\Symantec
2008-03-13 22:05:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-13 20:05:23 0 d-------- C:\Program Files\Vodafone
2008-03-13 19:55:30 0 d-------- C:\Program Files\Bonjour
2008-03-13 19:42:30 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-12 19:58:37 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\WinRAR
2008-03-10 21:16:46 0 d-------- C:\Program Files\uTorrent
2008-03-08 17:24:43 0 d-------- C:\Program Files\Java
2008-03-07 13:47:50 0 d-------- C:\Program Files\Maxtor
2008-03-07 09:56:14 0 d-------- C:\Program Files\Common Files\Java
2008-03-06 18:54:14 0 d-------- C:\Program Files\Microsoft Works
2008-03-06 18:52:05 0 d-------- C:\Program Files\Microsoft.NET
2008-03-05 20:14:00 174 --ahs---- C:\Program Files\desktop.ini
2008-03-05 20:04:41 0 d-------- C:\Program Files\Windows Calendar
2008-03-05 20:04:38 0 d-------- C:\Program Files\Windows Mail
2008-03-05 20:04:34 0 d-------- C:\Program Files\Windows Defender
2008-03-05 20:04:17 0 d-------- C:\Program Files\Windows Sidebar
2008-03-05 19:15:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 11:30:48 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Macromedia
2008-03-05 11:24:25 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-05 10:56:16 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/03/2008 07:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [06/09/2007 02:53 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/07/2007 09:54 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/03/2008 07:35 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 08:34 PM]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29/03/2007 03:41 PM]
"WaitDrv"="C:\ProgramData\wipe22.ofjnsd4" [05/04/2008 09:56 AM]
"Pure Team Open Exit"="C:\ProgramData\Spam Body Mp3.dyi1b0" [05/04/2008 09:56 AM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [10/03/2008 09:16 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:33 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa32aa5-ebe5-11dc-a360-000000000000}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d87ae59-0176-11dd-b936-000000000000}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4931c9a7-f549-11dc-99e1-000000000000}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Open\command- Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fe427a-fc64-11dc-9486-000000000000}]
Auto\command- F:\sunny.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sunny.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59c2c24-f0f0-11dc-a0bd-000000000000}]
AutoRun\command- F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59c2c4a-f0f0-11dc-a0bd-000000000000}]
AutoRun\command- F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b1a928-f029-11dc-abac-000000000000}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e46edf-02fc-11dd-8924-000000000000}]
Auto\command- sunny.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sunny.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-15 16:12:41 ------------
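As an added example (not from the thread or from any of the tools it names), a small Python triage script that parses the O4 Run lines and the mountpoints2 Auto/AutoRun command lines in the format of the log above and reports the traits that make the WaitDrv and Pure Team Open Exit values and the removable-drive autorun commands stand out. The heuristics (non-executable extension, file dropped straight into C:\ProgramData, script or rundll32 ShellExec_RunDLL indirection on an autorun command) are my own assumptions; the sample lines are copied from the log.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis-clone and Registry Dump
# sections of the log above, mixing known-good and suspicious entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WaitDrv] "C:\ProgramData\wipe22.ofjnsd4"
O4 - HKCU\..\Run: [Pure Team Open Exit] "C:\ProgramData\Spam Body Mp3.dyi1b0"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
AutoRun\command- F:\StartVMCLite.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
Auto\command- sunny.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sunny.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "Auto\command- <cmd>", "AutoRun\command- <cmd>", "Open\command- <cmd>"
MP2_RE = re.compile(r"^(?P<verb>Auto|AutoRun|Open)\\command- (?P<cmd>.+)$")

# Extensions a Run value is normally expected to point at (assumption).
EXEC_EXT = {".exe", ".dll", ".bat", ".cmd", ".vbs", ".js", ".scr", ".com", ".pif"}
# Directories a legitimate installer would not drop its main binary straight into.
DROP_DIRS = {"c:\\programdata", "c:\\users\\public", "c:\\windows\\temp"}


@dataclass
class Finding:
    source: str   # "O4 Run entry" or "mountpoints2 autorun"
    label: str    # Run value name, or the autorun verb
    target: str   # program path or full autorun command
    reasons: list


def target_of(cmd: str) -> str:
    """Extract the program path from a Run command (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted path that may contain spaces: stop at the first known extension.
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|vbs|js|scr|com|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage_run_target(path: str) -> list:
    """Heuristic checks on the file a Run value launches."""
    reasons = []
    ext = ntpath.splitext(path)[1].lower()
    if ext not in EXEC_EXT:
        reasons.append(f"non-executable extension {ext or '(none)'} in a Run value")
    if ntpath.dirname(path).lower() in DROP_DIRS:
        reasons.append("file sits directly in a data/temp directory, not a program directory")
    return reasons


def triage_autorun_cmd(cmd: str) -> list:
    """Heuristic checks on a removable-drive autorun command."""
    reasons = []
    low = cmd.lower()
    if "shellexec_rundll" in low:
        reasons.append("launched indirectly through rundll32 ShellExec_RunDLL")
    if re.search(r"\b[wc]script(?:\.exe)?\b", low) or re.search(r"\.(?:vbs|js|wsf)\b", low):
        reasons.append("script interpreter or script file run from removable media")
    if re.search(r"\.[a-z0-9]{2,4}\.(?:exe|vbs|js|scr|bat)\b", low):
        reasons.append("double file extension")
    return reasons


def triage(log_text: str) -> list:
    """Walk the log and collect every entry that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            tgt = target_of(m["cmd"])
            if reasons := triage_run_target(tgt):
                findings.append(Finding("O4 Run entry", m["name"], tgt, reasons))
        elif m := MP2_RE.match(line):
            if reasons := triage_autorun_cmd(m["cmd"]):
                findings.append(Finding("mountpoints2 autorun", m["verb"], m["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.label}: {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample the script reports the two ProgramData entries and the two ShellExec_RunDLL autorun commands and stays silent on the Windows Defender, ISUSPM, uTorrent and StartVMCLite lines.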


#2 Rahina

    Security Helper

Posted 16 April 2008 - 10:20 AM

Hello!

====================================================

Download ATF-Cleaner by Atribune to your desktop.

Run ATF-Cleaner. Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

====================================================

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
====================================================
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#3 #DespeRATE


Posted 17 April 2008 - 09:59 AM

Hi there !

Sorry for the late reply. I'm just wondering if the AVG anti-virus would affect or clash with my Norton 360.

I will post my report in around 10 mins, after I have installed the trial version of AVG.

Now my laptop is lagging exceptionally with 3 main adware programs, I think, namely:

CiD Adware (Popups)
888 Adware (Popups)
Partypoker Adware (Popups)

Ok, I will run the scan now in safe mode and will post results in 10 mins.

Thx for everything.

#4 Rahina

    Security Helper

Posted 17 April 2008 - 10:30 AM

Ok, I'll be waiting.

#5 #DespeRATE


Posted 17 April 2008 - 11:21 AM

Sorry. The computer hung and froze for quite some time before my AVG finally worked.

Now scanning, sorry for all inconveniences caused.

Halfway through...

#6 Rahina

    Security Helper

Posted 17 April 2008 - 04:31 PM

Did it work?

#7 #DespeRATE


Posted 18 April 2008 - 05:18 AM

Umms. Sorry for the late reply, really.

This is the detailed report for the AVG scan, after it failed over 10 times and I rebooted ... Ran in SAFE mode.

The 3 adwares (888, Partypoker and CiD) are still popping up on my computer, and they are still slowing it down.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:10:47 AM 18/4/2008

+ Scan result:



HKLM\SYSTEM\ControlSet003\Control\DeviceClasses\{4d1e55b2-f16f-11cf-88cb-001111000030}\##?#HID#FUJ02E5&Col02#5&5967957&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}\# -> Adware.SpywareWall : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093298.exe -> Dropper.Agent.eya : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093299.exe -> Dropper.Agent.eya : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093300.exe -> Dropper.Agent.eya : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093301.exe -> Dropper.Agent.eya : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093302.exe -> Dropper.Agent.eya : Cleaned with backup (quarantined).
C:\Windows.old\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YXB8880Z\upgrade[1].cab/upgrade.exe -> Not-A-Virus.Adware.OneStep : Cleaned with backup (quarantined).
C:\Windows.old\Windows\Temp\ONE4B.tmp\upgrade.exe -> Not-A-Virus.Adware.OneStep : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093290.dll -> Not-A-Virus.Adware.Vapsup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093291.dll -> Not-A-Virus.Adware.Vapsup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093292.dll -> Not-A-Virus.Adware.Vapsup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093293.dll -> Not-A-Virus.Adware.Vapsup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{FEABAD8F-0DA5-4408-9B44-D559A1DF99A8}\RP172\A0093296.exe -> Not-A-Virus.Adware.Vapsup : Cleaned with backup (quarantined).
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\Mr Garrick\AppData\Roaming\Microsoft\Windows\Cookies\Low\mr_garrick@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\Mr Garrick\AppData\Roaming\Microsoft\Windows\Cookies\Low\mr_garrick@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Windows.old\Documents and Settings\Garrick Lim\Local Settings\Temp\Cookies\garrick lim@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Users\Mr Garrick\AppData\Roaming\Microsoft\Windows\Cookies\Low\mr_garrick@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.15:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Windows.old\Documents and Settings\Garrick Lim\Local Settings\Temp\Cookies\garrick lim@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.94:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.95:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.48:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.21:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.28:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.22:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.23:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.24:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.25:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.26:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.35:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.33:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Windows.old\Documents and Settings\Guest One\Application Data\Mozilla\Firefox\Profiles\2w1dd6rg.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Windows.old\Documents and Settings\Guest One\Cookies\guest one@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Edited by #DespeRATE, 18 April 2008 - 05:28 AM.


#8 Rahina

    Security Helper



Posted 18 April 2008 - 05:27 AM

Ok, good.

Could you run a scan with Deckard's scanner and post a fresh report?

Cheers

#9 #DespeRATE


Posted 18 April 2008 - 06:03 AM

Here you go!



Deckard's System Scanner v20071014.68
Run by Mr Garrick on 2008-04-18 19:00:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-18 19:00:25
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Users\Mr Garrick\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WaitDrv] "C:\ProgramData\wipe22.ofjnsd4"
O4 - HKCU\..\Run: [Pure Team Open Exit] "C:\ProgramData\Spam Body Mp3.dyi1b0"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 10341 bytes

-- Files created between 2008-03-18 and 2008-04-18 -----------------------------

2008-04-17 23:07:55 0 d-------- C:\Users\All Users\Grisoft
2008-04-14 16:55:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-14 16:32:09 318 --a------ C:\delete.bat
2008-04-08 16:42:21 0 d--h----- C:\485a55da
2008-04-07 22:17:02 0 d-------- C:\Users\All Users\NextUp
2008-04-07 19:52:07 0 d-------- C:\Program Files\Spyware Doctor
2008-04-05 09:59:01 0 d-------- C:\Users\All Users\Messenger Plus!
2008-04-05 09:56:44 0 d-------- C:\Users\All Users\Option Camp Pure Team
2008-04-05 09:56:18 0 d-------- C:\Users\All Users\GrimProc
2008-04-05 09:55:55 0 d-------- C:\Program Files\Circle Developement
2008-04-05 09:55:48 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-01 17:22:41 0 d-------- C:\Users\All Users\Apple
2008-04-01 17:22:41 0 d-------- C:\Program Files\Apple Software Update
2008-03-29 09:13:41 0 d--h----- C:\Windows\msdownld.tmp
2008-03-29 09:13:36 0 d-------- C:\Windows\system32\directx
2008-03-28 20:50:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 22:08:09 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-26 21:58:23 0 d-------- C:\Users\Mr Garrick\Tracing
2008-03-25 17:16:17 0 d-------- C:\Program Files\The Game Creators
2008-03-25 17:14:50 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-22 19:45:13 0 d-------- C:\Program Files\AlphaZIP
2008-03-21 12:47:39 0 d-------- C:\Program Files\Vstplugins
2008-03-21 12:47:07 0 d-------- C:\Users\All Users\Sony
2008-03-21 12:45:38 0 d-------- C:\Program Files\Sony
2008-03-21 12:39:40 0 d-------- C:\Windows\system32\appmgmt
2008-03-20 21:19:14 0 d-------- C:\Program Files\Sony Setup
2008-03-20 07:55:13 0 dr------- C:\Users\Guest1\Searches
2008-03-20 07:54:51 0 dr------- C:\Users\Guest1\Contacts
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Templates
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Start Menu
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\SendTo
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Recent
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\PrintHood
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\NetHood
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\My Documents
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Local Settings
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Cookies
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Application Data
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Videos
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Saved Games
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Pictures
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Music
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Links
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Favorites
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Downloads
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Documents
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Desktop
2008-03-20 07:54:24 0 d--h----- C:\Users\Guest1\AppData
2008-03-20 07:54:23 524288 --ahs---- C:\Users\Guest1\NTUSER.DAT
2008-03-18 17:37:52 0 d-a------ C:\Users\All Users\TEMP
2008-03-18 16:08:02 0 d-------- C:\Users\All Users\pI3demoLicense
2008-03-18 07:58:22 0 dr------- C:\Users\Guest\Searches
2008-03-18 07:58:04 0 dr------- C:\Users\Guest\Contacts
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Templates
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Start Menu
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\SendTo
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Recent
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\PrintHood
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\NetHood
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\My Documents
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Local Settings
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Cookies
2008-03-18 07:57:51 0 d--hs---- C:\Users\Guest\Application Data
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Videos
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Saved Games
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Pictures
2008-03-18 07:57:49 786432 --ahs---- C:\Users\Guest\NTUSER.DAT
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Music
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Links
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Favorites
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Downloads
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Documents
2008-03-18 07:57:49 0 dr------- C:\Users\Guest\Desktop
2008-03-18 07:57:49 0 d--h----- C:\Users\Guest\AppData


-- Find3M Report ---------------------------------------------------------------

2008-04-18 19:00:01 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\uTorrent
2008-04-17 23:09:15 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Grisoft
2008-04-08 18:41:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-07 19:52:07 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\PC Tools
2008-03-28 20:50:58 0 d-------- C:\Program Files\Common Files
2008-03-27 18:03:31 0 d-------- C:\Program Files\Windows Live
2008-03-26 22:03:48 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-18 17:38:21 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Publish Providers
2008-03-18 17:37:43 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Sony
2008-03-16 23:03:32 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Adobe
2008-03-16 23:01:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-15 17:41:26 0 d-------- C:\Program Files\EUSING~1
2008-03-15 09:40:52 0 d-------- C:\Program Files\MSXML 4.0
2008-03-14 17:34:55 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Symantec
2008-03-14 08:45:29 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Macrovision
2008-03-14 08:43:40 0 d-------- C:\Program Files\Norton 360
2008-03-13 22:15:07 0 d-------- C:\Program Files\YouTube Downloader 3000
2008-03-13 22:07:14 0 d-------- C:\Program Files\Symantec
2008-03-13 22:05:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-13 20:05:23 0 d-------- C:\Program Files\Vodafone
2008-03-13 19:55:30 0 d-------- C:\Program Files\Bonjour
2008-03-13 19:42:30 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-12 19:58:37 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\WinRAR
2008-03-10 21:16:46 0 d-------- C:\Program Files\uTorrent
2008-03-08 17:24:43 0 d-------- C:\Program Files\Java
2008-03-07 13:47:50 0 d-------- C:\Program Files\Maxtor
2008-03-07 09:56:14 0 d-------- C:\Program Files\Common Files\Java
2008-03-06 18:54:14 0 d-------- C:\Program Files\Microsoft Works
2008-03-06 18:52:05 0 d-------- C:\Program Files\Microsoft.NET
2008-03-05 20:14:00 174 --ahs---- C:\Program Files\desktop.ini
2008-03-05 20:04:41 0 d-------- C:\Program Files\Windows Calendar
2008-03-05 20:04:38 0 d-------- C:\Program Files\Windows Mail
2008-03-05 20:04:34 0 d-------- C:\Program Files\Windows Defender
2008-03-05 20:04:17 0 d-------- C:\Program Files\Windows Sidebar
2008-03-05 19:15:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 11:30:48 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Macromedia
2008-03-05 11:24:25 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-05 10:56:16 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/03/2008 07:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [06/09/2007 02:53 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/07/2007 09:54 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 05:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/03/2008 07:35 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 08:34 PM]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29/03/2007 03:41 PM]
"WaitDrv"="C:\ProgramData\wipe22.ofjnsd4" [05/04/2008 09:56 AM]
"Pure Team Open Exit"="C:\ProgramData\Spam Body Mp3.dyi1b0" [05/04/2008 09:56 AM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [10/03/2008 09:16 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:33 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa32aa5-ebe5-11dc-a360-000000000000}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d87ae59-0176-11dd-b936-000000000000}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4931c9a7-f549-11dc-99e1-000000000000}]
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
- Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fe427a-fc64-11dc-9486-000000000000}]
- F:\sunny.exe
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sunny.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59c2c24-f0f0-11dc-a0bd-000000000000}]
- F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59c2c4a-f0f0-11dc-a0bd-000000000000}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b1a928-f029-11dc-abac-000000000000}]
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e46edf-02fc-11dd-8924-000000000000}]
- sunny.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-18 19:03:10 ------------

#10 #DespeRATE


Posted 19 April 2008 - 04:26 AM

This is the main.txt log for today.

Deckard's System Scanner v20071014.68
Run by Mr Garrick on 2008-04-19 17:23:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-19 17:23:42
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\dllhost.exe
C:\Users\Mr Garrick\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WaitDrv] "C:\ProgramData\wipe22.ofjnsd4"
O4 - HKCU\..\Run: [Pure Team Open Exit] "C:\ProgramData\Spam Body Mp3.dyi1b0"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 10524 bytes

-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-17 23:07:55 0 d-------- C:\Users\All Users\Grisoft
2008-04-14 16:55:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-14 16:32:09 318 --a------ C:\delete.bat
2008-04-08 16:42:21 0 d--h----- C:\485a55da
2008-04-07 22:17:02 0 d-------- C:\Users\All Users\NextUp
2008-04-07 19:52:07 0 d-------- C:\Program Files\Spyware Doctor
2008-04-05 09:59:01 0 d-------- C:\Users\All Users\Messenger Plus!
2008-04-05 09:56:44 0 d-------- C:\Users\All Users\Option Camp Pure Team
2008-04-05 09:56:18 0 d-------- C:\Users\All Users\GrimProc
2008-04-05 09:55:55 0 d-------- C:\Program Files\Circle Developement
2008-04-05 09:55:48 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-01 17:22:41 0 d-------- C:\Users\All Users\Apple
2008-04-01 17:22:41 0 d-------- C:\Program Files\Apple Software Update
2008-03-29 09:13:41 0 d--h----- C:\Windows\msdownld.tmp
2008-03-29 09:13:36 0 d-------- C:\Windows\system32\directx
2008-03-28 20:50:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 22:08:09 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-26 21:58:23 0 d-------- C:\Users\Mr Garrick\Tracing
2008-03-25 17:16:17 0 d-------- C:\Program Files\The Game Creators
2008-03-25 17:14:50 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-22 19:45:13 0 d-------- C:\Program Files\AlphaZIP
2008-03-21 12:47:39 0 d-------- C:\Program Files\Vstplugins
2008-03-21 12:47:07 0 d-------- C:\Users\All Users\Sony
2008-03-21 12:45:38 0 d-------- C:\Program Files\Sony
2008-03-21 12:39:40 0 d-------- C:\Windows\system32\appmgmt
2008-03-20 21:19:14 0 d-------- C:\Program Files\Sony Setup
2008-03-20 07:55:13 0 dr------- C:\Users\Guest1\Searches
2008-03-20 07:54:51 0 dr------- C:\Users\Guest1\Contacts
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Templates
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Start Menu
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\SendTo
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Recent
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\PrintHood
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\NetHood
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\My Documents
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Local Settings
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Cookies
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Application Data
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Videos
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Saved Games
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Pictures
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Music
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Links
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Favorites
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Downloads
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Documents
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Desktop
2008-03-20 07:54:24 0 d--h----- C:\Users\Guest1\AppData
2008-03-20 07:54:23 524288 --ahs---- C:\Users\Guest1\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-04-18 20:17:12 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\uTorrent
2008-04-17 23:09:15 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Grisoft
2008-04-08 18:41:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-07 19:52:07 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\PC Tools
2008-03-28 20:50:58 0 d-------- C:\Program Files\Common Files
2008-03-27 18:03:31 0 d-------- C:\Program Files\Windows Live
2008-03-26 22:03:48 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-18 17:38:21 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Publish Providers
2008-03-18 17:37:43 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Sony
2008-03-16 23:03:32 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Adobe
2008-03-16 23:01:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-15 17:41:26 0 d-------- C:\Program Files\EUSING~1
2008-03-15 09:40:52 0 d-------- C:\Program Files\MSXML 4.0
2008-03-14 17:34:55 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Symantec
2008-03-14 08:45:29 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Macrovision
2008-03-14 08:43:40 0 d-------- C:\Program Files\Norton 360
2008-03-13 22:15:07 0 d-------- C:\Program Files\YouTube Downloader 3000
2008-03-13 22:07:14 0 d-------- C:\Program Files\Symantec
2008-03-13 22:05:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-13 20:05:23 0 d-------- C:\Program Files\Vodafone
2008-03-13 19:55:30 0 d-------- C:\Program Files\Bonjour
2008-03-13 19:42:30 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-12 19:58:37 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\WinRAR
2008-03-10 21:16:46 0 d-------- C:\Program Files\uTorrent
2008-03-08 17:24:43 0 d-------- C:\Program Files\Java
2008-03-07 13:47:50 0 d-------- C:\Program Files\Maxtor
2008-03-07 09:56:14 0 d-------- C:\Program Files\Common Files\Java
2008-03-06 18:54:14 0 d-------- C:\Program Files\Microsoft Works
2008-03-06 18:52:05 0 d-------- C:\Program Files\Microsoft.NET
2008-03-05 20:14:00 174 --ahs---- C:\Program Files\desktop.ini
2008-03-05 20:04:41 0 d-------- C:\Program Files\Windows Calendar
2008-03-05 20:04:38 0 d-------- C:\Program Files\Windows Mail
2008-03-05 20:04:34 0 d-------- C:\Program Files\Windows Defender
2008-03-05 20:04:17 0 d-------- C:\Program Files\Windows Sidebar
2008-03-05 19:15:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 11:30:48 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Macromedia
2008-03-05 11:24:25 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-05 10:56:16 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/03/2008 07:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [06/09/2007 02:53 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/07/2007 09:54 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 05:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/03/2008 07:35 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 08:34 PM]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29/03/2007 03:41 PM]
"WaitDrv"="C:\ProgramData\wipe22.ofjnsd4" [05/04/2008 09:56 AM]
"Pure Team Open Exit"="C:\ProgramData\Spam Body Mp3.dyi1b0" [05/04/2008 09:56 AM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [10/03/2008 09:16 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:33 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa32aa5-ebe5-11dc-a360-000000000000}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d87ae59-0176-11dd-b936-000000000000}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4931c9a7-f549-11dc-99e1-000000000000}]
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
- Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fe427a-fc64-11dc-9486-000000000000}]
- F:\sunny.exe
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sunny.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59c2c24-f0f0-11dc-a0bd-000000000000}]
- F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59c2c4a-f0f0-11dc-a0bd-000000000000}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b1a928-f029-11dc-abac-000000000000}]
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e46edf-02fc-11dd-8924-000000000000}]
- sunny.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-19 17:25:05 ------------
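
The lines a responder would pull out of the logs above first are the two HKCU Run values pointing at files dropped straight into C:\ProgramData with made-up extensions (wipe22.ofjnsd4, Spam Body Mp3.dyi1b0) and the MountPoints2 autorun commands that launch sunny.exe, Boot.exe and a .dll.vbs script through rundll32 / ShellExec_RunDLL and wscript when a volume is mounted. The script below is an added example, not code from the poster or the helper: it parses HijackThis-style O4 lines and DSS MountPoints2 blocks and flags the entries that match a few simple heuristics. The heuristics, the function names and the ProgramData-root check are my own assumptions; the sample lines are copied from the log posted above.

```python
"""Triage autostart lines from a HijackThis / DSS log.

Added example for this thread, not code from the poster or the helper.
The heuristics are my own assumptions; the sample lines are copied from the
log posted above.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Extensions a Run value normally points at. A made-up extension does not stop
# the PE loader, but it does sidestep naive extension-based scanning.
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
MP_KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.IGNORECASE)
MP_CMD_RE = re.compile(r"^(?:AutoRun\\command)?- (?P<cmd>.+)$")

# Constructed sample: lines copied verbatim from the DSS log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [WaitDrv] "C:\ProgramData\wipe22.ofjnsd4"
O4 - HKCU\..\Run: [Pure Team Open Exit] "C:\ProgramData\Spam Body Mp3.dyi1b0"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa32aa5-ebe5-11dc-a360-000000000000}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fe427a-fc64-11dc-9486-000000000000}]
- F:\sunny.exe
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sunny.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59c2c4a-f0f0-11dc-a0bd-000000000000}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b1a928-f029-11dc-abac-000000000000}]
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
"""


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str


@dataclass
class MountPoint:
    guid: str
    commands: list = field(default_factory=list)


def target_path(command: str) -> str:
    """Return the program a Run command launches, with its arguments dropped."""
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    # Unquoted: the path ends at the first extension-terminated token, which
    # keeps spaces inside '%ProgramFiles%\Windows Defender\MSASCui.exe -hide'.
    m = re.match(r"^(.*?\.[A-Za-z0-9]{2,8})(?:\s|$)", command)
    return m.group(1) if m else command.split(" ")[0]


def parse_run_entries(log: str) -> list:
    """Collect every O4 Run line as a RunEntry."""
    matches = (O4_RE.match(line.strip()) for line in log.splitlines())
    return [RunEntry(m["hive"], m["name"], m["cmd"]) for m in matches if m]


def parse_mountpoints(log: str) -> list:
    """Group MountPoints2 keys with the autorun commands DSS lists under them."""
    points, current = [], None
    for line in log.splitlines():
        line = line.strip()
        key = MP_KEY_RE.match(line)
        if key:
            current = MountPoint(key["guid"])
            points.append(current)
            continue
        cmd = MP_CMD_RE.match(line)
        if current is not None and cmd:
            current.commands.append(cmd["cmd"])
        else:
            current = None  # blank line or another key ends the block
    return points


def flag_run_entry(entry: RunEntry) -> list:
    """Heuristics (my assumptions) for a Run value worth a closer look."""
    reasons = []
    path = target_path(entry.command)
    ext = ntpath.splitext(path)[1].lower()
    if ext not in EXEC_EXTENSIONS:
        reasons.append(f"non-standard extension {ext!r}")
    if ntpath.dirname(path).lower() in (r"c:\programdata", r"c:\users\all users"):
        reasons.append("file dropped directly in the ProgramData root")
    return reasons


def flag_mountpoint(mp: MountPoint) -> list:
    """Indicators in a volume autorun command; a plain vendor launcher gets none."""
    reasons = set()
    for cmd in mp.commands:
        low = cmd.lower()
        if "shellexec_rundll" in low:
            reasons.add("rundll32 ShellExec_RunDLL indirection")
        if "wscript" in low or "cscript" in low:
            reasons.add("Windows Script Host launch")
        if re.search(r"\.\w+\.(vbs|js|exe|scr)$", low):
            reasons.add("double extension")
    return sorted(reasons)


def triage(log: str) -> dict:
    """Map each flagged autostart to its reasons; clean entries are omitted."""
    findings = {}
    for entry in parse_run_entries(log):
        reasons = flag_run_entry(entry)
        if reasons:
            findings[f"Run:{entry.name}"] = reasons
    for mp in parse_mountpoints(log):
        reasons = flag_mountpoint(mp)
        if reasons:
            findings[f"MountPoints2:{mp.guid}"] = reasons
    return findings


if __name__ == "__main__":
    for item, why in triage(SAMPLE_LOG).items():
        print(item, "->", "; ".join(why))
```

Run against the sample, the four legitimate Run values (Defender, uTorrent, the Welcome Center rundll32 call and the Maxtor encryption autorun) drop out and only WaitDrv, Pure Team Open Exit and the two MountPoints2 keys that launch sunny.exe and the .dll.vbs script remain. The MountPoints2 flags also explain why the poster should expect the infection to come back after cleaning if the USB stick or drive F: is plugged in again without its autorun files being removed.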

#11 Rahina (Security Helper, Finland)

Posted 19 April 2008 - 08:59 AM

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not click ComboFix's window while it is running; that may cause it to stall.


#12 #DespeRATE (Topic Starter)

Posted 20 April 2008 - 04:40 AM

Umms.

I do not have my Vista DVD with me, so I cannot boot my system into the Vista recovery environment to start ComboFix.

As for the DSS report,

Deckard's System Scanner v20071014.68
Run by Mr Garrick on 2008-04-20 17:35:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-20 17:35:49
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Mr Garrick\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WaitDrv] "C:\ProgramData\wipe22.ofjnsd4"
O4 - HKCU\..\Run: [Pure Team Open Exit] "C:\ProgramData\Spam Body Mp3.dyi1b0"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 10537 bytes

-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-17 23:07:55 0 d-------- C:\Users\All Users\Grisoft
2008-04-14 16:55:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-14 16:32:09 318 --a------ C:\delete.bat
2008-04-08 16:42:21 0 d--h----- C:\485a55da
2008-04-07 22:17:02 0 d-------- C:\Users\All Users\NextUp
2008-04-07 19:52:07 0 d-------- C:\Program Files\Spyware Doctor
2008-04-05 09:59:01 0 d-------- C:\Users\All Users\Messenger Plus!
2008-04-05 09:56:44 0 d-------- C:\Users\All Users\Option Camp Pure Team
2008-04-05 09:56:18 0 d-------- C:\Users\All Users\GrimProc
2008-04-05 09:55:55 0 d-------- C:\Program Files\Circle Developement
2008-04-05 09:55:48 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-01 17:22:41 0 d-------- C:\Users\All Users\Apple
2008-04-01 17:22:41 0 d-------- C:\Program Files\Apple Software Update
2008-03-29 09:13:41 0 d--h----- C:\Windows\msdownld.tmp
2008-03-29 09:13:36 0 d-------- C:\Windows\system32\directx
2008-03-28 20:50:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 22:08:09 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-26 21:58:23 0 d-------- C:\Users\Mr Garrick\Tracing
2008-03-25 17:16:17 0 d-------- C:\Program Files\The Game Creators
2008-03-25 17:14:50 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-22 19:45:13 0 d-------- C:\Program Files\AlphaZIP
2008-03-21 12:47:39 0 d-------- C:\Program Files\Vstplugins
2008-03-21 12:47:07 0 d-------- C:\Users\All Users\Sony
2008-03-21 12:45:38 0 d-------- C:\Program Files\Sony
2008-03-21 12:39:40 0 d-------- C:\Windows\system32\appmgmt
2008-03-20 21:19:14 0 d-------- C:\Program Files\Sony Setup
2008-03-20 07:55:13 0 dr------- C:\Users\Guest1\Searches
2008-03-20 07:54:51 0 dr------- C:\Users\Guest1\Contacts
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Templates
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Start Menu
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\SendTo
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Recent
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\PrintHood
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\NetHood
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\My Documents
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Local Settings
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Cookies
2008-03-20 07:54:26 0 d--hs---- C:\Users\Guest1\Application Data
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Videos
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Saved Games
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Pictures
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Music
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Links
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Favorites
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Downloads
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Documents
2008-03-20 07:54:24 0 dr------- C:\Users\Guest1\Desktop
2008-03-20 07:54:24 0 d--h----- C:\Users\Guest1\AppData
2008-03-20 07:54:23 524288 --ahs---- C:\Users\Guest1\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-04-20 17:36:45 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\uTorrent
2008-04-17 23:09:15 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Grisoft
2008-04-08 18:41:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-07 19:52:07 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\PC Tools
2008-03-28 20:50:58 0 d-------- C:\Program Files\Common Files
2008-03-27 18:03:31 0 d-------- C:\Program Files\Windows Live
2008-03-26 22:03:48 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-18 17:38:21 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Publish Providers
2008-03-18 17:37:43 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Sony
2008-03-16 23:03:32 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Adobe
2008-03-16 23:01:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-15 17:41:26 0 d-------- C:\Program Files\EUSING~1
2008-03-15 09:40:52 0 d-------- C:\Program Files\MSXML 4.0
2008-03-14 17:34:55 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Symantec
2008-03-14 08:45:29 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Macrovision
2008-03-14 08:43:40 0 d-------- C:\Program Files\Norton 360
2008-03-13 22:15:07 0 d-------- C:\Program Files\YouTube Downloader 3000
2008-03-13 22:07:14 0 d-------- C:\Program Files\Symantec
2008-03-13 22:05:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-13 20:05:23 0 d-------- C:\Program Files\Vodafone
2008-03-13 19:55:30 0 d-------- C:\Program Files\Bonjour
2008-03-13 19:42:30 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-12 19:58:37 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\WinRAR
2008-03-10 21:16:46 0 d-------- C:\Program Files\uTorrent
2008-03-08 17:24:43 0 d-------- C:\Program Files\Java
2008-03-07 13:47:50 0 d-------- C:\Program Files\Maxtor
2008-03-07 09:56:14 0 d-------- C:\Program Files\Common Files\Java
2008-03-06 18:54:14 0 d-------- C:\Program Files\Microsoft Works
2008-03-06 18:52:05 0 d-------- C:\Program Files\Microsoft.NET
2008-03-05 20:14:00 174 --ahs---- C:\Program Files\desktop.ini
2008-03-05 20:04:41 0 d-------- C:\Program Files\Windows Calendar
2008-03-05 20:04:38 0 d-------- C:\Program Files\Windows Mail
2008-03-05 20:04:34 0 d-------- C:\Program Files\Windows Defender
2008-03-05 20:04:17 0 d-------- C:\Program Files\Windows Sidebar
2008-03-05 19:15:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 11:30:48 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Macromedia
2008-03-05 11:24:25 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-05 10:56:16 0 d-------- C:\Users\Mr Garrick\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/03/2008 07:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [06/09/2007 02:53 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/07/2007 09:54 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 05:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/03/2008 07:35 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 08:34 PM]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29/03/2007 03:41 PM]
"WaitDrv"="C:\ProgramData\wipe22.ofjnsd4" [05/04/2008 09:56 AM]
"Pure Team Open Exit"="C:\ProgramData\Spam Body Mp3.dyi1b0" [05/04/2008 09:56 AM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [10/03/2008 09:16 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:33 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa32aa5-ebe5-11dc-a360-000000000000}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d87ae59-0176-11dd-b936-000000000000}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4931c9a7-f549-11dc-99e1-000000000000}]
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
- Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fe427a-fc64-11dc-9486-000000000000}]
- F:\sunny.exe
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sunny.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59c2c24-f0f0-11dc-a0bd-000000000000}]
- F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59c2c4a-f0f0-11dc-a0bd-000000000000}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b1a928-f029-11dc-abac-000000000000}]
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e46edf-02fc-11dd-8924-000000000000}]
- sunny.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-20 17:37:55 ------------
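
Added example, not part of #DespeRATE's post or of the helper's instructions: a small Python script that reads the HKCU Run and MountPoints2 sections of the log above and lists entries for manual review. The two heuristics are this editor's own assumptions rather than anything DSS itself does: a logon entry whose target lacks a normal executable extension (the two ProgramData targets with random-looking extensions), and a volume-autorun command that calls a script host or launches a file from a drive root. The embedded input is copied verbatim from the log above; a flag means "look at this entry", not a verdict that it is malicious.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Extensions a logon Run value would normally point at (editor's assumption).
KNOWN_EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}

# Verbatim excerpt of the DSS registry dump posted above (not constructed data).
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/03/2008 07:35 PM]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [29/03/2007 03:41 PM]
"WaitDrv"="C:\ProgramData\wipe22.ofjnsd4" [05/04/2008 09:56 AM]
"Pure Team Open Exit"="C:\ProgramData\Spam Body Mp3.dyi1b0" [05/04/2008 09:56 AM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [10/03/2008 09:16 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa32aa5-ebe5-11dc-a360-000000000000}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fe427a-fc64-11dc-9486-000000000000}]
- F:\sunny.exe
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sunny.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b1a928-f029-11dc-abac-000000000000}]
- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs
"""


@dataclass
class Finding:
    section: str   # "Run" or "MountPoints2"
    name: str      # Run value name, or the MountPoints2 volume GUID
    target: str    # path or command as it appears in the log
    reason: str


RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
MP_COMMAND = re.compile(r'^(?:AutoRun\\command)?-\s+(?P<cmd>.+)$')
DRIVE_ROOT_FILE = re.compile(r'^[A-Za-z]:\\[^\\]+$')          # e.g. F:\sunny.exe
SCRIPT_HOST = re.compile(r'\b[wc]script(?:\.exe)?\b', re.IGNORECASE)


def _extension(path: str) -> str:
    """Return the lower-cased final extension of a path, or '' if none."""
    m = re.search(r'(\.[^.\\\s]+)$', path)
    return m.group(1).lower() if m else ""


def parse_findings(log_text: str) -> list[Finding]:
    """Walk the DSS registry dump and flag Run / MountPoints2 entries for review."""
    findings: list[Finding] = []
    section, key_name = None, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            low = key.lower()
            if low.endswith(r"\currentversion\run"):
                section, key_name = "Run", key
            elif r"\mountpoints2\{" in low:
                section, key_name = "MountPoints2", key.rsplit("\\", 1)[-1]
            else:
                section = None          # a key this script does not inspect
            continue
        if section == "Run":
            m = RUN_VALUE.match(line)
            if not m:
                continue
            name, target = m.group("name"), m.group("target")
            path = target.split(",", 1)[0]   # rundll32-style "x.dll,Entry" -> x.dll
            ext = _extension(path)
            if ext not in KNOWN_EXEC_EXT:
                findings.append(Finding("Run", name, target,
                                        f"logon target has non-executable extension {ext or '(none)'}"))
        elif section == "MountPoints2":
            m = MP_COMMAND.match(line)
            if not m:
                continue
            cmd = m.group("cmd")
            if SCRIPT_HOST.search(cmd):
                findings.append(Finding("MountPoints2", key_name, cmd,
                                        "volume autorun invokes a script host"))
            elif any(DRIVE_ROOT_FILE.match(tok) for tok in cmd.split()):
                findings.append(Finding("MountPoints2", key_name, cmd,
                                        "volume autorun launches a file from a drive root"))
    return findings


if __name__ == "__main__":
    for f in parse_findings(LOG_EXCERPT):
        print(f"[{f.section}] {f.name}: {f.target}\n    -> {f.reason}")
```

Run against the excerpt, the script lists the two ProgramData logon entries and the three MountPoints2 commands that reference sunny.exe or the .vbs file, and leaves the Sidebar, ISUSPM, uTorrent and MaxtorEncryption entries alone. The extension check is deliberately crude: a renamed .exe with a valid extension would pass it, so it narrows what to look at rather than replacing the helper's review.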

#13 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 20 April 2008 - 09:58 AM

The thing is you won't need any CDs or such. Just download the file from Microsoft and drag it into ComboFix.

Let me know the results.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#14 #DespeRATE

#DespeRATE
  • Topic Starter

  • Members
  • 8 posts

Posted 20 April 2008 - 10:31 AM

Sorry, but pardon me for being a little bit too inquisitive.

The website to download from Microsoft is only for XP users, not Vista users, therefore even if I downloaded it, it would not be able to work on my Vista.

#15 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 22 April 2008 - 10:06 AM

I do not have my Vista DVD with me.

too bad.

Do you have a legal copy of Vista or did you download it using a torrent or similar?

Let me know.



