Computer Infected With Zlob, Vundo... Hjt Logfile.


14 replies to this topic

#1 joerothuk
  • Members
  • 9 posts

Posted 29 April 2008 - 06:10 AM

It started when I downloaded a 'codec' for a video file...
More and more problems seem to be emerging now.
Any help would be greatly appreciated!
Thanks

Here is the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:06 PM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\joe\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Grisoft\AVG7\avgvv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\joe\AppData\Local\Temp\Rar$EX00.668\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {183EBEC3-1883-40E4-8F39-E446DC7E0510} - C:\Windows\system32\khfcAtQj.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [90e37c0f] rundll32.exe "C:\Windows\system32\wwsfopld.dll",b
O4 - HKLM\..\Run: [BM93d04f93] Rundll32.exe "C:\Windows\system32\ryskyqec.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/...NPUplden-gb.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9889 bytes
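
A first-pass triage of a log like the one above, as an added example that is not part of the original post and is not code from HijackThis itself. The script parses the O2 (BHO), O4 (Run) and O23 (Service) line shapes and flags the patterns that make this log read as a Vundo-style infection: a BHO with "(no name)" pointing at a DLL in system32, Run values whose name is a random hex token, rundll32 loading a DLL through a one-letter export (",b", ",s") instead of a real export name, and a service whose binary is "(file missing)". The rule names, the heuristics and the small sample (a subset of the posted log plus two clean lines for contrast) are all the script's own.

```python
"""Heuristic triage of a HijackThis log (added example, not part of the thread).

Flags the entry shapes that stand out in the log above:
  * O2 BHO entries with "(no name)"
  * O4 Run values whose name is a random-looking hex token
  * O4 Run commands where rundll32 loads a DLL through a one-letter export
  * O23 services whose binary is reported "(file missing)"
A hit is a lead for a human reviewer, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the posted log plus two clean entries
# (NvMcTray, LVCOMSer) so the heuristics have something legitimate to pass over.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {183EBEC3-1883-40E4-8F39-E446DC7E0510} - C:\Windows\system32\khfcAtQj.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [90e37c0f] rundll32.exe "C:\Windows\system32\wwsfopld.dll",b
O4 - HKLM\..\Run: [BM93d04f93] Rundll32.exe "C:\Windows\system32\ryskyqec.dll",s
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.*?) - (?P<path>.+)$")
# rundll32[.exe] ["]path\to\x.dll["],Export
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S*)',
                       re.IGNORECASE)
# Run value names of the kind seen in the log: 8 hex digits, optionally behind a 1-2 letter prefix.
HEXNAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")


@dataclass(frozen=True)
class Finding:
    rule: str      # which heuristic fired
    detail: str    # the name or path worth looking at
    line: str      # the original log line


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per heuristic hit, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := BHO_RE.match(line):
            if m["name"].strip().lower() == "(no name)":
                findings.append(Finding("nameless-bho", m["path"], line))
        elif m := RUN_RE.match(line):
            if HEXNAME_RE.match(m["name"]):
                findings.append(Finding("hex-run-name", m["name"], line))
            if r := RUNDLL_RE.search(m["cmd"]):
                # Legitimate rundll32 entries name a real export (NvTaskbarInit, _RunDLLEntry@16);
                # the loaders in this log use a single letter such as ",b" or ",s".
                if len(r["export"]) <= 1:
                    findings.append(Finding("rundll32-short-export", r["dll"], line))
        elif m := SVC_RE.match(line):
            if m["path"].lower().endswith("(file missing)"):
                findings.append(Finding("orphaned-service", m["name"], line))
    return findings


def files_to_review(findings: list[Finding]) -> set[str]:
    """Distinct file paths referenced by the findings: the list a helper would check and remove."""
    return {f.detail for f in findings if "\\" in f.detail}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"[{h.rule}] {h.detail}")
    print("files to review:", sorted(files_to_review(hits)))
```

On the sample the script flags the nameless BHO (khfcAtQj.dll), both hex-named Run values and their one-letter rundll32 exports (wwsfopld.dll, ryskyqec.dll), and the orphaned Symantec service, while the NvMcTray and Logitech entries pass. These are the same entries a helper would pull from the log by eye; the value of scripting it is consistency across the second, third and fourth log in a thread, not any magic in the rules.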

#2 Rahina
    Security Helper
  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 02 May 2008 - 03:27 PM

Welcome!

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files window.
    • Click OK to leave the Java Control Panel.
==========

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#3 joerothuk
  • Topic Starter
  • Members
  • 9 posts

Posted 03 May 2008 - 01:03 PM

Rahina, thanks for your help. I am unable to run the Windows Vista Recovery Environment because my laptop never came with the Vista CD. Is there a way I can continue without using the Recovery Console?
Thanks. Joe

#4 Rahina
    Security Helper
  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 03 May 2008 - 01:36 PM

Continue.

#5 joerothuk
  • Topic Starter
  • Members
  • 9 posts

Posted 03 May 2008 - 03:36 PM

Ok, this was the result of the ComboFix scan when I ran it in normal mode:

ComboFix 08-05-01.3 - joe 2008-05-03 21:14:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1268 [GMT 1:00]
Running from: C:\Users\joe\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Windows\system32\ckvttign.dll
C:\Windows\system32\csfjntiq.dll
C:\Windows\System32\Desktop_.ini
C:\Windows\System32\dlpofsww.ini
C:\Windows\system32\egciytky.dll
C:\Windows\system32\gbxxbhip.dll
C:\Windows\System32\iwxtybav.ini
C:\Windows\System32\jQtAcfhk.ini
C:\Windows\System32\jQtAcfhk.ini2
C:\Windows\system32\khfcAtQj.dll
C:\Windows\system32\lduagfhp.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\System32\ngittvkc.ini
C:\Windows\system32\pac.txt
C:\Windows\System32\pihbxxbg.ini
C:\Windows\system32\r1
C:\Windows\system32\srdyepvx.ini
C:\Windows\system32\vabytxwi.dll
C:\Windows\system32\wwsfopld.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.

2008-05-03 17:05 . 2008-05-03 17:05 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-02 14:33 . 2008-05-02 14:33 <DIR> d-------- C:\Windows\Content.IE5
2008-04-30 13:00 . 2008-04-30 13:00 <DIR> d-------- C:\Users\joe\AppData\Roaming\Download Manager
2008-04-29 22:39 . 2008-04-29 23:11 4,313,304 --a------ C:\All Saints - Pure Shores.mp3
2008-04-29 22:36 . 2008-04-29 22:36 <DIR> d-------- C:\Program Files\CCleaner
2008-04-29 22:33 . 2008-04-29 23:09 4,930,366 --a------ C:\All Saints - I Know Where Its At.mp3
2008-04-29 22:32 . 2008-04-29 22:34 5,034,440 --a------ C:\All Saints - Never Ever.mp3
2008-04-29 22:32 . 2008-04-29 22:35 4,777,819 --a------ C:\All Saints - Under The Bridge.mp3
2008-04-29 22:32 . 2008-04-29 22:39 4,240,161 --a------ C:\All Saints -Dreams.mp3
2008-04-29 22:22 . 2008-04-29 22:26 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-04-29 22:18 . 2008-04-29 22:19 <DIR> d-------- C:\Users\joe\Pavark
2008-04-29 22:12 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-04-29 11:54 . 2008-04-29 11:54 <DIR> d-------- C:\VundoFix Backups
2008-04-26 01:30 . 2006-11-02 10:46 874,496 --a------ C:\Windows\System32\byXRihHA.dll
2008-04-25 19:31 . 2008-04-27 11:07 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-25 19:01 . 2008-04-25 19:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-24 15:00 . 2008-04-24 15:00 <DIR> d-------- C:\DJ Shadow - The Outsider [2006]
2008-04-24 14:59 . 2008-04-24 14:59 <DIR> d-------- C:\DJ Shadow and Cut Chemist The Hard Sell 2008
2008-04-24 14:39 . 2008-04-24 14:40 4,692,356 --a------ C:\05 Sexy Sadie.mp3
2008-04-24 14:16 . 2008-04-24 14:24 <DIR> d--hs---- C:\Users\joe\!
2008-04-24 14:16 . 2008-04-24 14:16 411 --a------ C:\Users\joe\683.bat
2008-04-24 14:15 . 2008-04-25 14:54 <DIR> d-------- C:\Windows\System32\pnVes05
2008-04-24 14:15 . 2008-04-25 14:54 <DIR> d-------- C:\Windows\System32\De2
2008-04-24 14:15 . 2008-04-24 14:15 <DIR> d-------- C:\temp\zvebs14
2008-04-24 14:15 . 2008-04-24 14:15 <DIR> d-------- C:\temp\kvebs14
2008-04-24 14:15 . 2008-05-03 16:53 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-11 17:50 . 2008-04-11 17:50 <DIR> d-------- C:\Users\joe\AppData\Roaming\DAEMON Tools
2008-04-11 17:50 . 2008-04-11 17:50 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-10 13:09 . 2008-02-15 00:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 13:09 . 2008-02-19 06:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 13:09 . 2008-02-29 07:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 13:09 . 2008-02-29 07:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 13:09 . 2008-02-29 07:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 13:09 . 2008-02-29 07:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 13:09 . 2008-02-29 07:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 13:09 . 2008-02-29 07:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 13:09 . 2008-02-29 07:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 20:22 62,609 ----a-w C:\Users\joe\AppData\Roaming\nvModes.dat
2008-05-03 16:07 --------- d-----w C:\Program Files\Java
2008-05-03 10:34 --------- d-----w C:\Users\joe\AppData\Roaming\AVG7
2008-05-02 12:40 --------- d-----w C:\Program Files\Launch Manager
2008-04-29 21:31 --------- d-----w C:\Users\joe\AppData\Roaming\LimeWire
2008-04-25 18:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-24 15:49 --------- d-----w C:\Users\joe\AppData\Roaming\uTorrent
2008-04-24 13:21 --------- d-----w C:\Program Files\LimeWire
2008-04-18 11:13 --------- d-----w C:\Program Files\lx_cats
2008-04-11 22:28 --------- d-----w C:\Program Files\Azureus
2008-04-10 21:59 --------- d-----w C:\Program Files\Windows Mail
2008-04-01 16:30 --------- d-----w C:\Users\joe\AppData\Roaming\Winamp
2008-04-01 16:14 --------- d-----w C:\Program Files\Winamp
2008-03-26 14:00 --------- d-----w C:\Users\joe\AppData\Roaming\Audacity
2008-03-23 14:49 --------- d-----w C:\ProgramData\FLEXnet
2008-03-23 14:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-23 14:42 --------- d-----w C:\Program Files\Bonjour
2008-03-23 14:30 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-22 00:44 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-03-17 10:59 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 12:38 --------- d-----w C:\ProgramData\Lavasoft
2008-03-12 12:30 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-03-10 12:38 --------- d-----w C:\Users\joe\AppData\Roaming\Skype
2008-03-07 14:50 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-03-03 18:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-03 18:41 --------- d-----w C:\Program Files\Microsoft Works
2008-02-29 13:35 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-29 13:35 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 10:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 09:58 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 09:58 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 09:57 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 09:57 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 09:57 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 09:57 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 09:57 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 09:57 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-15 09:57 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 09:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 09:57 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 09:57 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-09-04 08:33 174 --sha-w C:\Program Files\desktop.ini
2007-11-22 19:48 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-22 19:48 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-22 19:48 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-13 21:31 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-04 09:20 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 03:58 464168]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-20 06:50 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-20 06:50 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-20 06:50 81920]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 13:35 614400]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2006-12-13 19:55 3166208]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2006-12-07 23:37 1261568]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-14 04:38 151552]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-21 10:50 579584]
"LXCYCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 12:27 106496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 17:21 169328]
"RegistryMechanic"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 10:03 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-01-18 11:43:09 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-09-03 14:59 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^joe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\90e37c0f]
C:\Windows\system32\xvpeydrs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCYCATS]
--a------ 2006-11-21 12:27 106496 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-13 21:31 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1285504082-2982717033-2881400984-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1DDEF22B-8A07-45F9-A434-DA53FE74CC70}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{17AD8554-0BA2-46C2-824B-0D51FF57F619}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"TCP Query User{243AAC8E-8A50-48BB-9873-947907F5BC8D}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{B40367E4-BB73-405C-A4D6-81843117E2A1}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{B31645C7-3776-4814-A4FD-14B885E9DF59}C:\\users\\joe\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\joe\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{143F9113-C437-44D1-B2C7-2AB9AE5A507A}C:\\users\\joe\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\joe\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{B9B52E27-6110-4283-BCE6-3C358493F435}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E8473BE2-A668-416E-B48A-84F0AA776320}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9DF80D33-EE53-4EE5-ACBA-4C8932F218CF}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{CCEAA270-2DCD-4F25-BF99-2255621213A2}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{AE515E59-5376-4CAE-997F-612715D58E97}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"UDP Query User{C00DC2EE-BB92-49E2-B487-C36742B1C80F}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"TCP Query User{CF33C6E8-C30B-49AB-8CF0-8241FA5FD93F}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{99D46602-778B-4453-8007-1F9E25F88EAF}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{DC87D5BF-F9EF-4D43-B55D-09066140AFF7}"= UDP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{45E393AC-BEA5-4D7D-99BD-71E21A53A392}"= TCP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"{0262FEA1-C456-436F-8E9F-4A75F09CEFC3}"= UDP:C:\Program Files\Lexmark 3400 Series\lxcymon.exe:Device Monitor
"{B90F645F-2890-441A-95AF-108584372ADA}"= TCP:C:\Program Files\Lexmark 3400 Series\lxcymon.exe:Device Monitor
"{A0B658C1-ED69-442C-8E7C-2E73D1051154}"= UDP:C:\Program Files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center
"{6B3FAA86-A1AF-4EDC-8A7A-09418DE3CB2F}"= TCP:C:\Program Files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center
"TCP Query User{45736D60-0287-4D37-9AC5-21A62EBBC517}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{209E9D58-A84E-46F2-A55E-9DE0CAE30904}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{A8EA1780-4E2D-4984-8491-8B2E9DC8895A}C:\\users\\joe\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\joe\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{01D43471-CDB4-4BAD-B04C-4CBF3DCE5354}C:\\users\\joe\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\joe\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{34EA8706-54E6-4F7F-88E8-26C39EE68BBF}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{50740DE1-52F2-4713-99CD-10B4303EC021}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"{B7FF9088-108A-4B34-8E9A-7ED488F92FDC}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{652DAD0C-6F74-4F42-9628-CF27BA4A5464}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{9033C61B-D4B3-4A3F-B8D7-C678806CC830}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{CE5109D4-E6C8-46AC-8994-FF35C9F1B2B6}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{E9E20915-2A19-4410-9744-6333DF9687DB}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{368E7C10-22A4-4439-B34C-8CE737B2D6E8}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{0D2320F2-A1BD-480A-95AE-C437FAAA19A5}"= UDP:59888:63879
"{59984D09-35E6-4B6F-98F0-0A800E2973A6}"= TCP:59888:63879
"{0F83E850-3CAB-413D-84E6-89B5136104CB}"= Disabled:UDP:64828:64828
"{FEE60CF7-6E39-4D17-98A5-D67ED65E376B}"= Disabled:TCP:64828:64828
"{6BEC841E-F6F0-48D0-8D7A-4F4E3AF29ED0}"= UDP:12911:12911
"{BE5146CA-3CFF-40C8-AAE5-B35FE0C5BB93}"= TCP:12911:12911
"{1351E6D2-1AC6-488F-8CF8-95153D227BF7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9C936F5D-BFEF-47B8-8138-6D40B8ECD5DF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6D6F45D9-312B-4683-B8E5-E9708CC79DB6}"= Disabled:UDP:16900:16900
"{359C83E7-C984-45F8-84A7-177873894EC8}"= Disabled:TCP:16900:16900
"{5964AFB9-9A87-4942-894C-54A409F37DC4}"= UDP:12911:utorrent
"{0834F42F-B8FA-426C-AC7E-4D6EAA25F3B7}"= TCP:12911:utorrent2
"{4AB6F77B-6DEB-46FE-942F-6766F5C6AE7B}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7D6D4F50-3212-4163-93E1-0AEE302A433B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{621E9F18-8DFC-43D1-A289-1D0A3E7A4A9C}"= UDP:63879:az1
"{C060FF5B-5C14-4633-8DC6-11F60FDCA138}"= TCP:63879:az2
"TCP Query User{356A700B-B540-427D-9EE3-A01CA65CB2AD}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{A7CFD504-0530-4A35-BD27-308FA8C92E36}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{19FE9059-31C0-4EE5-87A0-0F09D8C7A906}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{EC5EC0DB-7F95-43E8-A64D-5E3DAF440671}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F962FF84-C952-42AE-8251-C62715A7F2A3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{136B6301-F59D-4E10-B4C0-4B5092F2183E}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{1B6F654D-804E-44F9-9132-A8AA017CEBDE}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E60FD91B-69CF-4FB8-9F04-1C074B271C3F}C:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{7F5639E9-F574-4ACD-8DA5-E4D12C15DEB2}C:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{E75D3D77-DD2D-4E18-9486-03ACEA83ECFC}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{8486CB85-50A5-4C05-A8AF-7002DA34D0A4}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-01-03 03:59]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-01-03 03:59]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-01-03 03:59]
R2 Basics Service;Basics Service;"C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe" [2007-10-09 17:21]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-01-03 03:58]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-29 05:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-03 01:46]
R2 lxcy_device;lxcy_device;C:\Windows\system32\lxcycoms.exe [2006-11-29 11:57]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 21:57]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 18:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-17 11:59]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 08:30]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-19 00:44]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 21:21:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Windows\TEMP\TMP000000010090A59A7AFB750C 524288 bytes

scan completed successfully
hidden files: 7

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Completion time: 2008-05-03 21:27:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 20:26:54

Pre-Run: 5,781,639,168 bytes free
Post-Run: 5,525,090,304 bytes free

321 --- E O F --- 2008-05-02 10:44:04

And this is the result of a new HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:57 PM, on 5/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\joe\Desktop\antispyware\HiJackThis_v2.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\joe\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9605 bytes
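
The FirewallRules block near the top of the ComboFix log above deserves a closer read than it usually gets: it records every program the Vista firewall was told to let through, including sopadver.exe running from a user-writable AppData\Roaming folder, plus several bare port rules that admit any program. The Python below is an added example written for this thread; it is not ComboFix or HijackThis output and not something a poster ran. It parses that rule format, skips the pipe-delimited RestrictedServices line whose shape differs, and flags the enabled rules a cleanup should review. The sample rules are copied from the dump; the user-writable-folder check and the reading of "Query User" rule names as rules created from the firewall's Unblock prompt are this example's own heuristics.

```python
"""Review of the Windows Firewall rules ComboFix lists under FirewallRules.

Added example for this thread; not ComboFix code and not something any
poster ran.  Each rule line has the shape
    "<rule name>"= [Disabled:][TCP:|UDP:]<program path or port>:<label>
The RestrictedServices line (pipe-delimited) has a different shape, so it
is skipped rather than guessed at.
"""
import re
from dataclasses import dataclass

# Constructed sample: rules copied verbatim from the ComboFix dump above.
SAMPLE_RULES = r'''
"UDP Query User{99D46602-778B-4453-8007-1F9E25F88EAF}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{DC87D5BF-F9EF-4D43-B55D-09066140AFF7}"= UDP:C:\Windows\System32\lxcycoms.exe:Lexmark Communications System
"TCP Query User{A8EA1780-4E2D-4984-8491-8B2E9DC8895A}C:\\users\\joe\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\joe\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"{0D2320F2-A1BD-480A-95AE-C437FAAA19A5}"= UDP:59888:63879
"{0F83E850-3CAB-413D-84E6-89B5136104CB}"= Disabled:UDP:64828:64828
"{5964AFB9-9A87-4942-894C-54A409F37DC4}"= UDP:12911:utorrent
"{F962FF84-C952-42AE-8251-C62715A7F2A3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{136B6301-F59D-4E10-B4C0-4B5092F2183E}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
'''

RULE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<body>.*)$')
DRIVE = re.compile(r"^[A-Za-z]:\\")
USER_WRITABLE = re.compile(r"\\(?:users\\[^\\]+\\appdata|windows\\temp|programdata)\\", re.I)
# Rules the Vista firewall writes when someone answers its Windows Security
# Alert prompt with Unblock are named "TCP Query User{GUID}<path>".
QUERY_USER = re.compile(r"^(?:TCP|UDP) Query User\{", re.I)


@dataclass
class Rule:
    name: str
    enabled: bool
    proto: str      # "TCP", "UDP" or "ANY" when the rule names no protocol
    program: str    # executable path, or "" for a bare port rule
    port: int       # port number, or 0 for a program rule
    label: str


def parse_rule(line):
    """Parse one dumped rule; None for blank or differently shaped lines."""
    m = RULE.match(line.strip())
    if not m or "|" in m["body"]:
        return None
    name, body = m["name"], m["body"]
    enabled = not body.startswith("Disabled:")
    if not enabled:
        body = body[len("Disabled:"):]
    proto = "ANY"
    if body[:4] in ("TCP:", "UDP:"):
        proto, body = body[:3], body[4:]
    if DRIVE.match(body):
        # The path itself contains "C:", so split on the last colon only.
        program, label = body.rsplit(":", 1)
        return Rule(name, enabled, proto, program, 0, label)
    port, label = body.split(":", 1)
    return Rule(name, enabled, proto, "", int(port), label)


def parse_rules(text):
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r]


def review(rules):
    """Pair each enabled rule that deserves a look with the reasons for it."""
    flagged = []
    for r in rules:
        if not r.enabled:
            continue
        reasons = []
        if r.program and USER_WRITABLE.search(r.program):
            reasons.append("allows a program in a user-writable folder")
        if not r.program:
            reasons.append(f"opens {r.proto} port {r.port} to any program ({r.label})")
        if QUERY_USER.match(r.name):
            reasons.append("created from the Unblock prompt; confirm the user meant it")
        if reasons:
            flagged.append((r, reasons))
    return flagged


if __name__ == "__main__":
    for rule, reasons in review(parse_rules(SAMPLE_RULES)):
        print(f"{rule.name}\n    " + "; ".join(reasons))
```

Disabled rules are skipped on purpose; the Skype and port 64828 entries are inert until someone re-enables them. Every Unblock-prompt rule is noted so the owner can confirm each one, and the sopadver.exe rule additionally trips the user-writable-folder check, which is the one that matters most on a machine that got infected through a fake codec download.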

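The HijackThis log is long enough that the entries worth a second look get lost among the Acer, AVG and Apple lines. The Python below is an added example written for this thread, not HijackThis code and not something a poster ran. It parses the O2/O3, O4, O20 and O23 entry shapes seen above and applies review heuristics grounded in what this thread shows: the Virtumonde DLLs that ComboFix quarantined (ckvttign.dll, wwsfopld.dll, khfcAtQj.dll in the Kaspersky report) are eight random letters sitting directly in System32, so an eight-letter DLL there, a nameless BHO, an autorun from a user-writable folder, a Winlogon Notify or AppInit_DLLs hook, or a service without a vendor string all get flagged for review. The sample is copied from the logs in this thread except for two constructed lines: a BHO pointing at ckvttign.dll with an all-zero placeholder CLSID, and an autorun from %TEMP%.

```python
"""Triage of HijackThis (HJT) log entries.

Added example for this thread; not HijackThis code and not something any
poster ran.  It parses the O2/O3, O4, O20 and O23 entry shapes seen in the
logs above and applies review heuristics drawn from what the thread shows.
A hit means "look at this file", not "malicious".
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HJT logs in this thread, plus two
# hypothetical lines (a BHO pointing at ckvttign.dll, the DLL ComboFix
# quarantined, with an all-zero placeholder CLSID, and an autorun from %TEMP%).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Windows\System32\ckvttign.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [updater] C:\Users\joe\AppData\Local\Temp\update.exe
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
BHO = re.compile(r"^(?:BHO|Toolbar):\s*(?P<name>.*?)\s+-\s+\{(?P<clsid>[^}]+)\}\s+-\s+(?P<path>.*)$")
RUNKEY = re.compile(r"\[(?P<value>[^\]]*)\]\s*(?P<cmd>.*?)(?:\s+\(User '[^']*'\))?$")
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+(?P<dll>"[^"]+"|[^,\s]+)', re.I)
HOOK = re.compile(r"^(?P<kind>AppInit_DLLs|Winlogon Notify):\s*(?P<rest>.*)$")
# Service lines are "Service: <display> - <vendor> - <path>"; the vendor may be
# empty and the path may itself contain " - " (Spybot), so anchor on the drive.
SERVICE = re.compile(r"^Service:\s*(?P<name>.*?)\s+-\s*(?P<vendor>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.*)$")

# Eight letters directly under system32: the shape of ckvttign.dll,
# wwsfopld.dll and khfcAtQj.dll in this thread's Kaspersky output.
RANDOM_SYS32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\[a-z]{8}\.dll$", re.I)
USER_WRITABLE = re.compile(r"\\(?:users\\[^\\]+\\appdata|windows\\temp|programdata)\\", re.I)


@dataclass
class Finding:
    section: str
    reasons: list
    line: str


def triage_line(line):
    """Return a Finding for one HJT entry, or None when nothing stands out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    reasons = []
    if section in ("O2", "O3"):
        b = BHO.match(rest)
        if b:
            if RANDOM_SYS32_DLL.match(b["path"]):
                reasons.append("eight-letter DLL directly in system32")
            if b["name"] == "(no name)":
                reasons.append("BHO/toolbar has no name")
            if USER_WRITABLE.search(b["path"]):
                reasons.append("browser extension in user-writable folder")
    elif section == "O4":
        r = RUNKEY.search(rest)
        cmd = r["cmd"] if r else rest
        if USER_WRITABLE.search(cmd):
            reasons.append("autorun from user-writable folder")
        d = RUNDLL.match(cmd)
        if d and RANDOM_SYS32_DLL.match(d["dll"].strip('"')):
            reasons.append("rundll32 loads eight-letter DLL from system32")
    elif section == "O20":
        h = HOOK.match(rest)
        if h:
            reasons.append(f"{h['kind']} hook: confirm the DLL's vendor and signature")
    elif section == "O23":
        s = SERVICE.match(rest)
        if s:
            if s["vendor"].strip() in ("", "Unknown owner"):
                reasons.append("service without a vendor string")
            if USER_WRITABLE.search(s["path"]):
                reasons.append("service binary in user-writable folder")
    return Finding(section, reasons, line.strip()) if reasons else None


def triage_log(text):
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
```

Run as a script it prints the flagged lines. Note what the heuristics also catch: the Acer and Lexmark services that carry no vendor string, and AVG's avgwlntf.dll, which is itself eight letters in SYSTEM32 and lands in the Winlogon Notify bucket. The log carries no hash or signature, so every hit is a prompt to check the file's publisher, which is why the helper in this thread still asks for quarantine and online-scanner results rather than acting on the HJT log alone.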
#6 Rahina (Security Helper, Members, 681 posts, Finland)

Posted 05 May 2008 - 07:51 AM

Better,

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :thumbsup:
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#7 joerothuk (Topic Starter, Members, 9 posts)

Posted 05 May 2008 - 08:35 AM

Yeah, the computer is running much, much better now!
Thanks for your on-going help! You rock :thumbsup:

Here is the result of the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.11
Database version: 719

Scan type: Quick Scan
Objects scanned: 34570
Time elapsed: 12 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Rahina (Security Helper, Members, 681 posts, Finland)

Posted 05 May 2008 - 09:48 AM

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.

#9 joerothuk (Topic Starter, Members, 9 posts)

Posted 06 May 2008 - 04:16 AM

Okay, here are the results of the Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 06, 2008 10:13:51 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/05/2008
Kaspersky Anti-Virus database records: 741463
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 126689
Number of viruses found: 5
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:36:19

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\ProgramData\avg7\Log\emc.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\ProgramData\Kontiki\error.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2b7fb3ba597ab3d5bfc13206ef7555a5_c31f63fe-73a4-48b0-bacc-5d80dab4bfea Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.4.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.4.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy3.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfBE6E.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfBE6F.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\QooBox\Quarantine\C\Windows\System32\ckvttign.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\QooBox\Quarantine\C\Windows\System32\wwsfopld.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\QooBox\Quarantine\catchme2008-05-03_211850.74.zip/khfcAtQj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\QooBox\Quarantine\catchme2008-05-03_211850.74.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\dfsr.db Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\fsr.log Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\fsrtmp.log Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\tmp.edb Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows\UsrClass.dat{12710949-5a96-11dc-900f-0016d4ca9b6f}.TM.blf Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows\UsrClass.dat{12710949-5a96-11dc-900f-0016d4ca9b6f}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows\UsrClass.dat{12710949-5a96-11dc-900f-0016d4ca9b6f}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows Defender\FileTracker\{1A1B90A8-DAE0-4DEA-B53A-7C379D0C2F91} Object is locked skipped
C:\Users\joe\AppData\Local\Microsoft\Windows Live Contacts\joerothuk@hotmail.com\real\members.stg Object is locked skipped
C:\Users\joe\AppData\Local\Temp\~DFD4EC.tmp Object is locked skipped
C:\Users\joe\AppData\Local\Temp\~DFE2DF.tmp Object is locked skipped
C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\joe\Desktop\antispyware\backups\backup-20080501-101932-948.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Users\joe\Desktop\antispyware\backups\backup-20080501-182117-280.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Users\joe\Desktop\antispyware\backups\backup-20080502-122417-178.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Users\joe\Desktop\backups\backup-20080427-005904-171.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Users\joe\Desktop\backups\backup-20080427-010556-677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Users\joe\Desktop\backups\backup-20080427-232454-539.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Users\joe\Desktop\backups\backup-20080428-114919-116.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Users\joe\Desktop\Download_spyzookasetup1.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Users\joe\Desktop\stuff\divx.zip/Divx.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Users\joe\Desktop\stuff\divx.zip/Divx.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Users\joe\Desktop\stuff\divx.zip ZIP: infected - 2 skipped
C:\Users\joe\ntuser.dat Object is locked skipped
C:\Users\joe\ntuser.dat.LOG1 Object is locked skipped
C:\Users\joe\ntuser.dat.LOG2 Object is locked skipped
C:\Users\joe\ntuser.dat{91a303b8-87df-11dc-8189-0016d4ca9b6f}.TM.blf Object is locked skipped
C:\Users\joe\ntuser.dat{91a303b8-87df-11dc-8189-0016d4ca9b6f}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\joe\ntuser.dat{91a303b8-87df-11dc-8189-0016d4ca9b6f}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\joe\Shared\mi chamocha.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{0B3C68CC-1772-4ACB-A540-A26C210348C8}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{6E1340C7-92AC-4CF1-A7C4-F7E0664D26F6}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\components Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\default Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\sam Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\security Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\software Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\system Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

#10 joerothuk
  • Topic Starter
  • Members
  • 9 posts

Posted 06 May 2008 - 04:18 AM

Alternatively attached is an easier-to-read format:


#11 Rahina
    Security Helper
  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland

Posted 06 May 2008 - 08:08 AM

Please download OTMoveIt2 by OldTimer and save to your Desktop.
  • Double-click on OTMoveIt2.exe to launch the program.
  • Copy the file(s)/folder(s) paths listed below - highlight everything in the quote box and press CTRL+C or right-click and choose Copy.

C:\Users\joe\Desktop\antispyware\backups\backup-20080501-101932-948.dll
C:\Users\joe\Desktop\antispyware\backups\backup-20080501-182117-280.dll
C:\Users\joe\Desktop\antispyware\backups\backup-20080502-122417-178.dll
C:\Users\joe\Desktop\backups\backup-20080427-005904-171.dll
C:\Users\joe\Desktop\backups\backup-20080427-010556-677.dll
C:\Users\joe\Desktop\backups\backup-20080427-232454-539.dll
C:\Users\joe\Desktop\backups\backup-20080428-114919-116.dll
C:\Users\joe\Desktop\Download_spyzookasetup1.exe
C:\Users\joe\Desktop\stuff\divx.zip
C:\Users\joe\Shared\mi chamocha.mp3

  • Return to OTMoveIt2, right-click in the open text box labeled "Paste List of Files/Folders to be Moved" (under the light blue bar) and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be displayed in the right-hand pane.
  • Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
  • A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <- the date/time the tool was run.
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.

============

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for me to analyze.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


#12 joerothuk
  • Topic Starter
  • Members
  • 9 posts

Posted 07 May 2008 - 01:28 PM

Hey Rahina :thumbsup:

Here is the result of the MoveIt scan:

DllUnregisterServer procedure not found in C:\Users\joe\Desktop\antispyware\backups\backup-20080501-101932-948.dll
C:\Users\joe\Desktop\antispyware\backups\backup-20080501-101932-948.dll NOT unregistered.
C:\Users\joe\Desktop\antispyware\backups\backup-20080501-101932-948.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\joe\Desktop\antispyware\backups\backup-20080501-182117-280.dll
C:\Users\joe\Desktop\antispyware\backups\backup-20080501-182117-280.dll NOT unregistered.
C:\Users\joe\Desktop\antispyware\backups\backup-20080501-182117-280.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\joe\Desktop\antispyware\backups\backup-20080502-122417-178.dll
C:\Users\joe\Desktop\antispyware\backups\backup-20080502-122417-178.dll NOT unregistered.
C:\Users\joe\Desktop\antispyware\backups\backup-20080502-122417-178.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\joe\Desktop\backups\backup-20080427-005904-171.dll
C:\Users\joe\Desktop\backups\backup-20080427-005904-171.dll NOT unregistered.
C:\Users\joe\Desktop\backups\backup-20080427-005904-171.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\joe\Desktop\backups\backup-20080427-010556-677.dll
C:\Users\joe\Desktop\backups\backup-20080427-010556-677.dll NOT unregistered.
C:\Users\joe\Desktop\backups\backup-20080427-010556-677.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\joe\Desktop\backups\backup-20080427-232454-539.dll
C:\Users\joe\Desktop\backups\backup-20080427-232454-539.dll NOT unregistered.
C:\Users\joe\Desktop\backups\backup-20080427-232454-539.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\joe\Desktop\backups\backup-20080428-114919-116.dll
C:\Users\joe\Desktop\backups\backup-20080428-114919-116.dll NOT unregistered.
C:\Users\joe\Desktop\backups\backup-20080428-114919-116.dll moved successfully.
C:\Users\joe\Desktop\Download_spyzookasetup1.exe moved successfully.
C:\Users\joe\Desktop\stuff\divx.zip moved successfully.
C:\Users\joe\Shared\mi chamocha.mp3 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05062008_140909

Deckard's System Scanner v20071014.68
Run by joe on 2008-05-06 14:10:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
11: 2008-05-06 02:12:35 UTC - RP422 - Scheduled Checkpoint
10: 2008-05-05 11:04:54 UTC - RP421 - Scheduled Checkpoint
9: 2008-05-04 11:19:19 UTC - RP420 - Scheduled Checkpoint
8: 2008-05-03 22:03:16 UTC - RP419 - Installed 4oD.
7: 2008-05-03 20:13:42 UTC - RP418 - ComboFix created restore point


-- First Restore Point --
1: 2008-05-01 14:29:22 UTC - RP412 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.95 GiB (less than 15%) free.


-- HijackThis (run as joe.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:28 PM, on 5/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\joe\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Users\joe\Desktop\joe.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10121 bytes

-- HijackThis Fixed Entries (C:\Users\joe\Desktop\backups\) --------------------

backup-20080427-005904-171 O2 - BHO: (no name) - {A286E885-1BCE-4649-A05D-2AC836FAC747} - C:\Windows\system32\khfcAtQj.dll
backup-20080427-005904-233 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080427-005904-243 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080427-005904-369 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080427-005904-410 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080427-005904-438 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080427-005904-452 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080427-005904-482 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080427-005904-637 O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\Windows\system32\qbfdoobe.dll (file missing)
backup-20080427-010556-236 O4 - HKCU\..\Run: [Host Process] C:\Users\joe\svchost.exe
backup-20080427-010556-292 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
backup-20080427-010556-525 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccaBRLc.dll,#1
backup-20080427-010556-677 O2 - BHO: (no name) - {A286E885-1BCE-4649-A05D-2AC836FAC747} - C:\Windows\system32\khfcAtQj.dll
backup-20080427-010557-789 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
backup-20080427-232454-539 O2 - BHO: (no name) - {8F3342C8-0174-452D-8FBE-60F73A3915FE} - C:\Windows\system32\khfcAtQj.dll
backup-20080427-232454-626 O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - C:\Windows\system32\fccaBRLc.dll (file missing)
backup-20080427-232454-659 O2 - BHO: {ae02d2dd-cd9d-b82a-59b4-e97905b1e8fb} - {bf8e1b50-979e-4b95-a28b-d9dcdd2d20ea} - C:\Windows\system32\sdhqbdog.dll
backup-20080428-114919-116 O2 - BHO: (no name) - {D776E9F8-EC77-4BE2-885C-0D4A7B157695} - C:\Windows\system32\khfcAtQj.dll

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>
R2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-06 10:13:05 0 --a------ C:\Windows\nsreg.dat
2008-05-06 00:10:54 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-06 00:10:53 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-05 14:17:10 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-05 14:17:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-03 23:06:14 0 d-------- C:\Program Files\Incomplete
2008-05-03 23:03:42 0 d-------- C:\Program Files\Kontiki
2008-05-03 23:03:41 0 d-------- C:\Users\All Users\Kontiki
2008-05-03 23:03:41 0 d-------- C:\Program Files\Channel4
2008-05-03 23:02:54 0 d-------- C:\Users\All Users\Channel4
2008-05-03 21:13:15 68096 --a------ C:\Windows\zip.exe
2008-05-03 21:13:15 49152 --a------ C:\Windows\VFind.exe
2008-05-03 21:13:15 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-03 21:13:15 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-03 21:13:15 98816 --a------ C:\Windows\sed.exe
2008-05-03 21:13:15 80412 --a------ C:\Windows\grep.exe
2008-05-03 21:13:15 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-03 21:13:14 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-03 17:05:03 0 d-------- C:\Program Files\Common Files\Java
2008-05-02 14:33:30 0 d-------- C:\Windows\Content.IE5
2008-04-29 22:36:16 0 d-------- C:\Program Files\CCleaner
2008-04-29 22:22:39 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-04-29 22:18:18 0 d-------- C:\Users\joe\Pavark
2008-04-29 22:12:36 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-04-29 11:54:41 0 d-------- C:\VundoFix Backups
2008-04-25 19:31:12 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-04-25 19:01:01 0 d-------- C:\Program Files\Enigma Software Group
2008-04-24 15:00:41 0 d-------- C:\DJ Shadow - The Outsider [2006]
2008-04-24 14:59:34 0 d-------- C:\DJ Shadow and Cut Chemist The Hard Sell 2008
2008-04-24 14:16:46 411 --a------ C:\Users\joe\683.bat
2008-04-24 14:16:44 0 d--hs---- C:\Users\joe\!
2008-04-24 14:15:52 0 dr-h----- C:\$VAULT$.AVG
2008-04-24 14:15:43 0 d-------- C:\Windows\system32\De2
2008-04-24 14:15:38 0 d-------- C:\Windows\system32\pnVes05
2008-04-11 18:59:38 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-11 17:50:36 717296 --a------ C:\Windows\system32\drivers\sptd.sys


-- Find3M Report ---------------------------------------------------------------

2008-05-06 10:06:33 62609 --a------ C:\Users\joe\AppData\Roaming\nvModes.dat
2008-05-06 10:06:33 62609 --a------ C:\Users\joe\AppData\Roaming\nvModes.001
2008-05-05 14:17:14 0 d-------- C:\Users\joe\AppData\Roaming\Malwarebytes
2008-05-05 10:21:01 0 d-------- C:\Users\joe\AppData\Roaming\AVG7
2008-05-04 14:40:41 0 d-------- C:\Program Files\Launch Manager
2008-05-03 23:06:31 0 d-------- C:\Users\joe\AppData\Roaming\LimeWire
2008-05-03 23:06:14 0 d-------- C:\Program Files\LimeWire
2008-05-03 17:07:09 0 d-------- C:\Program Files\Java
2008-05-03 17:05:03 0 d-------- C:\Program Files\Common Files
2008-04-30 13:00:53 0 d-------- C:\Users\joe\AppData\Roaming\Download Manager
2008-04-25 19:34:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-24 16:49:30 0 d-------- C:\Users\joe\AppData\Roaming\uTorrent
2008-04-18 12:13:30 0 d-------- C:\Program Files\lx_cats
2008-04-11 23:28:37 0 d-------- C:\Program Files\Azureus
2008-04-11 17:50:00 0 d-------- C:\Users\joe\AppData\Roaming\DAEMON Tools
2008-04-10 22:59:00 0 d-------- C:\Program Files\Windows Mail
2008-04-01 17:30:27 0 d-------- C:\Users\joe\AppData\Roaming\Winamp
2008-04-01 17:14:50 0 d-------- C:\Program Files\Winamp
2008-03-26 15:00:22 0 d-------- C:\Users\joe\AppData\Roaming\Audacity
2008-03-23 16:04:04 0 d-------- C:\Users\joe\AppData\Roaming\Adobe
2008-03-23 15:42:33 0 d-------- C:\Program Files\Bonjour
2008-03-23 15:42:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-23 15:30:17 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-22 01:44:50 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-03-10 13:38:18 0 d-------- C:\Users\joe\AppData\Roaming\Skype
2008-03-08 16:27:16 19 --a------ C:\Windows\system32\Settings.dat
2008-03-07 15:50:34 0 d-------- C:\Program Files\ASIO4ALL v2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09/04/2007 09:20 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/23/2006 04:00 AM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [01/03/2007 03:58 AM]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12/20/2006 06:50 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/20/2006 06:50 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/20/2006 06:50 AM]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [12/08/2006 01:35 PM]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [12/13/2006 07:55 PM]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [12/07/2006 11:37 PM]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [01/14/2007 04:38 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/21/2008 10:50 AM]
"LXCYCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/2006 12:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 04:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 04:22 AM]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [10/09/2007 05:21 PM]
"RegistryMechanic"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [04/23/2007 11:23 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 01:35 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [09/13/2007 09:31 PM]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [04/23/2007 11:23 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [1/18/2007 11:43:09 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 09/03/2007 02:59 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^joe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\90e37c0f]
rundll32.exe "C:\Windows\system32\xvpeydrs.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCYCATS]
rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-06 14:13:10 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™ Duo CPU T2350 @ 1.86GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 2045.5 MiB / 951.93 MiB
Pagefile Memory (total/avail): 4305.03 MiB / 2791.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.71 MiB

C: is Fixed (NTFS) - 70.77 GiB total, 6.95 GiB free.
D: is Fixed (NTFS) - 70.47 GiB total, 67.07 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BEVS-22RST0 ATA Device - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 7.81 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 70.77 GiB - C:
\PARTITION2 - Installable File System - 70.47 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\joe\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\joe
LOCALAPPDATA=C:\Users\joe\AppData\Local
LOGONSERVER=\\JOE-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\joe\AppData\Local\Temp
TMP=C:\Users\joe\AppData\Local\Temp
USERDOMAIN=joe-PC
USERNAME=joe
USERPROFILE=C:\Users\joe
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

joe (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Assist --> C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer Registration --> C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program --> C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Audacity 1.3.3 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Broadcom Driver v4.102.15.63_Foxconn Installation Program --> C:\Program Files\InstallShield Installation Information\{88410D8F-8529-492B-B556-2394A29B811B}\SETUP.exe -runfromtemp -l0x0009 -removeonly
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drive Manager --> "C:\Program Files\InstallShield Installation Information\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}\setup.exe" -runfromtemp -l0x0409 -removeonly
Drive Manager --> MsiExec.exe /I{48B0F38D-1913-44F3-99AA-D4C55A2B038E}
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Pro 4 --> MsiExec.exe /X{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrZUn32z.inf
HijackThis 2.0.2 --> "C:\Users\joe\Desktop\HijackThis.exe" /uninstall
InFlac 1.1.1 --> "C:\Program Files\Winamp\InFlac-Uninstall.exe"
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Mega Codec Pack 1.53 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI
Lexmark 3400 Series --> C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PitchPerfect Uninstall --> C:\Program Files\NCH Swift Sound\PitchPerfect\uninst.exe
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMSC Fast Infrared Driver --> C:\Program Files\InstallShield Installation Information\{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}\setup.exe -runfromtemp -l0x0009 -removeonly
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TVAnts 1.0 --> C:\PROGRA~1\tvants\UNWISE.EXE C:\PROGRA~1\tvants\INSTALL.LOG
Tvants 1.0.0.20 --> C:\PROGRA~1\tvants\UNWISE.EXE C:\PROGRA~1\tvants\INSTALL.LOG
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xiph QuickTime Components --> "C:\Program Files\QuickTime\QTComponents\XiphQTuninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type142284 / Warning
Event Submitted/Written: 05/05/2008 08:39:46 PM
Event ID/Source: 507 / ESENT
Event Description:
msnmsgr (4520) \\.\C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\dfsr.db: A request to read from the file "\\.\C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\dfsr.db" at offset 319488 (0x000000000004e000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (727 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Event Record #/Type142283 / Warning
Event Submitted/Written: 05/05/2008 08:39:46 PM
Event ID/Source: 508 / ESENT
Event Description:
msnmsgr (4520) \\.\C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\dfsr.db: A request to write to the file "\\.\C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\fsr.log" at offset 10752 (0x0000000000002a00) for 512 (0x00000200) bytes succeeded, but took an abnormally long time (727 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Event Record #/Type142178 / Warning
Event Submitted/Written: 05/05/2008 06:48:33 PM
Event ID/Source: 508 / ESENT
Event Description:
msnmsgr (4520) \\.\C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\dfsr.db: A request to write to the file "\\.\C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\dfsr.db" at offset 8192 (0x0000000000002000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (61 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Event Record #/Type141992 / Warning
Event Submitted/Written: 05/05/2008 00:02:39 PM
Event ID/Source: 507 / ESENT
Event Description:
msnmsgr (4520) \\.\C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\dfsr.db: A request to read from the file "\\.\C:\Users\joe\AppData\Local\Microsoft\Messenger\joerothuk@hotmail.com\SharingMetadata\Working\database_1C90_E39E_90E3_7CA0\dfsr.db" at offset 319488 (0x000000000004e000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (4805 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Event Record #/Type141965 / Success
Event Submitted/Written: 05/05/2008 10:21:29 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type72439 / Warning
Event Submitted/Written: 05/06/2008 02:11:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%joe-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %joe-PC27 can't undo changes that you allow.

For more information please see the following:
%joe-PC275

Scan ID: {FA926946-02FE-44E4-87E5-1AB8CB7ABCC1}

User: joe-PC\joe

Name: %joe-PC271

ID: %joe-PC272

Severity ID: %joe-PC273

Category ID: %joe-PC274

Path Found: %joe-PC276

Alert Type: %joe-PC278

Detection Type: 1.1.1505.02

Event Record #/Type72438 / Warning
Event Submitted/Written: 05/06/2008 02:11:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%joe-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %joe-PC27 can't undo changes that you allow.

For more information please see the following:
%joe-PC275

Scan ID: {AB04984A-1F23-4010-89CF-EB4E3F88580D}

User: joe-PC\joe

Name: %joe-PC271

ID: %joe-PC272

Severity ID: %joe-PC273

Category ID: %joe-PC274

Path Found: %joe-PC276

Alert Type: %joe-PC278

Detection Type: 1.1.1505.02

Event Record #/Type72437 / Warning
Event Submitted/Written: 05/06/2008 02:11:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%joe-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %joe-PC27 can't undo changes that you allow.

For more information please see the following:
%joe-PC275

Scan ID: {039F4BAD-91DF-47DE-B021-D576080CF608}

User: joe-PC\joe

Name: %joe-PC271

ID: %joe-PC272

Severity ID: %joe-PC273

Category ID: %joe-PC274

Path Found: %joe-PC276

Alert Type: %joe-PC278

Detection Type: 1.1.1505.02

Event Record #/Type72436 / Warning
Event Submitted/Written: 05/06/2008 02:11:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%joe-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %joe-PC27 can't undo changes that you allow.

For more information please see the following:
%joe-PC275

Scan ID: {62B400FA-C661-46B4-9928-47A46AC34B9E}

User: joe-PC\joe

Name: %joe-PC271

ID: %joe-PC272

Severity ID: %joe-PC273

Category ID: %joe-PC274

Path Found: %joe-PC276

Alert Type: %joe-PC278

Detection Type: 1.1.1505.02

Event Record #/Type72419 / Error
Event Submitted/Written: 05/06/2008 10:06:21 AM
Event ID/Source: 4321 / netbt
Event Description:
The name "JOE-PC :20" could not be registered on the interface with IP address 10.247.50.202.
The computer with the IP address 10.247.48.102 did not allow the name to be claimed by
this computer.



-- End of Deckard's System Scanner: finished at 2008-05-06 14:13:10 ------------
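
The event-log tail of the DSS report above repeats the same WinDefend 3004 warning many times and buries one NetBT 4321 error (another host, 10.247.48.102, refused to let this machine register its NetBIOS name; the " :20" is the <20> Server-service suffix). The following is an added example, not code from this thread, from Deckard's System Scanner or from Windows: it parses the "Event Record #/Type ... Event Description:" blocks, collapses repeats by source and event ID, and extracts both IP addresses from each 4321 record. The two sample records are a constructed excerpt in the shape of the log above; the function names are my own.

```python
"""Summarize the event-log excerpt that Deckard's System Scanner appends.

Added example for this thread; not part of DSS or Windows. It parses the
"Event Record #/Type ... Event Description:" blocks, counts events by
source and ID, and pulls the two IP addresses out of NetBT 4321 name
conflicts so the peer that refused the name is easy to spot.
"""
import re
from collections import Counter

# Constructed sample: two records in the same shape as the log above.
SAMPLE_LOG = """\
Event Record #/Type72437 / Warning
Event Submitted/Written: 05/06/2008 02:11:38 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%joe-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks.

Event Record #/Type72419 / Error
Event Submitted/Written: 05/06/2008 10:06:21 AM
Event ID/Source: 4321 / netbt
Event Description:
The name "JOE-PC :20" could not be registered on the interface with IP address 10.247.50.202.
The computer with the IP address 10.247.48.102 did not allow the name to be claimed by
this computer.
"""

# One DSS record: header lines, then a free-text description that runs until
# the next "Event Record #/Type" header or the end of the excerpt.
RECORD_RE = re.compile(
    r"Event Record #/Type(?P<record>\d+) / (?P<level>\w+)\n"
    r"Event Submitted/Written: (?P<when>[^\n]+)\n"
    r"Event ID/Source: (?P<event_id>\d+) / (?P<source>\S+)\n"
    r"Event Description:\n(?P<description>.*?)(?=\nEvent Record #/Type|\Z)",
    re.S,
)

# NetBT 4321 text: the local interface that tried to register the name,
# and the peer that refused the claim.
CONFLICT_RE = re.compile(
    r'The name "(?P<name>[^"]+)" could not be registered on the interface with IP address '
    r"(?P<local_ip>[\d.]+)\.\s*The computer with the IP address (?P<peer_ip>[\d.]+) did not allow",
    re.S,
)


def parse_events(text: str) -> list[dict]:
    """Return one dict per record, in log order."""
    text = text.replace("\r\n", "\n")
    return [
        {
            "record": int(m["record"]),
            "level": m["level"],
            "when": m["when"],
            "event_id": int(m["event_id"]),
            "source": m["source"],
            "description": m["description"].strip(),
        }
        for m in RECORD_RE.finditer(text)
    ]


def summarize(events: list[dict]) -> Counter:
    """Count records per (source, event_id) so repeated warnings collapse to one line."""
    return Counter((e["source"], e["event_id"]) for e in events)


def netbios_conflicts(events: list[dict]) -> list[tuple[str, str, str]]:
    """(claimed name, local interface IP, refusing peer IP) for every NetBT 4321 record."""
    out = []
    for e in events:
        if e["source"].lower() != "netbt" or e["event_id"] != 4321:
            continue
        m = CONFLICT_RE.search(e["description"])
        if m:
            out.append((m["name"], m["local_ip"], m["peer_ip"]))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (src, eid), n in summarize(evs).most_common():
        print(f"{src}/{eid}: {n} record(s)")
    for name, local_ip, peer_ip in netbios_conflicts(evs):
        print(f"name {name!r} on {local_ip} refused by {peer_ip}")
```

Run it against the full DSS tail and the 3004 warnings collapse to a single count, leaving the 4321 conflict (and the peer address worth checking on the LAN) as the one distinct item.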

#13 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:52 AM

Posted 07 May 2008 - 04:15 PM

Perform an online scan with Internet Explorer with Panda ActiveScan
  • Click on the [button] located at the bottom of the page.
  • A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  • Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
  • Begin the scan by selecting the [button]
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on the [button], then click the [button]
* You needn't remain online while it's doing the scan, but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#14 joerothuk

joerothuk
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:52 AM

Posted 08 May 2008 - 06:57 AM

OK, here we go. This is the result of the Panda scan.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-08 12:22:31
PROTECTIONS: 1
MALWARE: 31
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@doubleclick[3].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@atdmt[1].txt
00139535 Application/Processor HackTools No 0 No No C:\Users\joe\Desktop\antispyware\VirtumundoBeGone.exe[²ƒĒ]
00139535 Application/Processor HackTools No 0 Yes No C:\Users\joe\Desktop\smitRem\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\smitRem\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Users\joe\Desktop\smitRem.exe[smitRem/Process.exe]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@tradedoubler[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@mediaplex[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@anm.co[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.bs.serving-sys.com/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.adtech.de/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@advertising[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@media.adrevolver[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@media.adrevolver[4].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.overture.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@adrevolver[3].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\9hak9mxd.default\cookies.txt[.adrevolver.com/]
00519333 Application/Processor HackTools No 0 Yes No C:\Users\joe\Desktop\antispyware\VirtumundoBeGone.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Users\joe\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01228695 Adware/Gator Adware No 0 Yes No C:\_OTMoveIt\MovedFiles\05062008_140909\Users\joe\Desktop\stuff\divx.zip[Divx.exe]
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\05062008_140909\Users\joe\Desktop\backups\backup-20080427-232454-539.dll
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\05062008_140909\Users\joe\Desktop\backups\backup-20080428-114919-116.dll
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\05062008_140909\Users\joe\Desktop\backups\backup-20080427-010556-677.dll
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\05062008_140909\Users\joe\Desktop\backups\backup-20080427-005904-171.dll
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\05062008_140909\Users\joe\Desktop\antispyware\backups\backup-20080502-122417-178.dll
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\catchme2008-05-03_211850.74.zip[khfcAtQj.dll]
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\05062008_140909\Users\joe\Desktop\antispyware\backups\backup-20080501-101932-948.dll
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\05062008_140909\Users\joe\Desktop\antispyware\backups\backup-20080501-182117-280.dll
02936549 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\wwsfopld.dll.vir
02936549 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\ckvttign.dll.vir
02936950 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\joe\Desktop\backups\backup-20080427-232454-659.dll
02936973 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\gbxxbhip.dll.vir
02937197 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\egciytky.dll.vir
02937197 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\joe\Desktop\antispyware\backups\backup-20080502-122417-765.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
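
Almost everything in the Panda report above is either a tracking cookie or a copy of a file that ComboFix, OTMoveIt or HijackThis had already moved aside (paths under QooBox\Quarantine, _OTMoveIt\MovedFiles and the backups\backup-* folders), plus detections on the removal tools themselves; the Active column is "No" on every line. The following is an added example, not code from this thread or from Panda, ComboFix, OTMoveIt or HijackThis: it parses the MALWARE table layout used above and sorts each finding into cookie, quarantined, removal-tool or live, so the short live list is what is left to act on. The folder markers are taken from the paths in the report, the sample lines are a constructed eight-line excerpt in the same layout, and the category names and function names are my own.

```python
"""Triage a Panda ActiveScan text report.

Added example for this thread; not part of Panda, ComboFix, OTMoveIt or
HijackThis. It parses the MALWARE table layout shown in the report above and
separates findings that sit in quarantine or backup folders (copies of
material the earlier tools already removed) from findings at live locations,
which are the only ones still worth acting on.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: eight lines in the same layout as the posted report.
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Users\joe\Desktop\smitRem\Process.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Users\joe\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
02935884 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\catchme2008-05-03_211850.74.zip[khfcAtQj.dll]
02936549 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\wwsfopld.dll.vir
02936950 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\joe\Desktop\backups\backup-20080427-232454-659.dll
;===============
"""

# One report line: Id Description Type Active Severity Disinfectable Disinfected Location.
# Description may contain spaces ("Cookie/Atlas DMT"), so it is matched lazily and
# anchored by the single-token Type and the Yes/No columns that follow it.
LINE_RE = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) "
    r"(?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<location>.+)$"
)

# Folders written by the cleanup tools used earlier in the thread; paths under
# them are copies of already-removed files, not running infections.
QUARANTINE_MARKERS = (
    "\\qoobox\\quarantine\\",     # ComboFix quarantine
    "\\_otmoveit\\movedfiles\\",  # OTMoveIt moved-files store
    "\\backups\\backup-",         # HijackThis fix backups
)
# Removal-tool packages that scanners flag because of the helpers they bundle.
TOOL_MARKERS = ("combofix.exe[", "smitrem", "virtumundobegone.exe")


@dataclass
class Finding:
    id: str
    description: str
    type: str
    active: bool
    severity: int
    location: str


def parse_report(text: str) -> list[Finding]:
    """Return the MALWARE table rows; headers, rules and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        findings.append(Finding(
            id=m["id"], description=m["desc"], type=m["type"],
            active=m["active"] == "Yes", severity=int(m["severity"]),
            location=m["location"],
        ))
    return findings


def classify(f: Finding) -> str:
    """cookie, quarantined, removal-tool or live, judged from type and path."""
    loc = f.location.lower()
    if f.type == "TrackingCookie":
        return "cookie"
    if any(mark in loc for mark in QUARANTINE_MARKERS):
        return "quarantined"
    if any(mark in loc for mark in TOOL_MARKERS):
        return "removal-tool"
    return "live"


def triage(text: str) -> tuple[Counter, list[Finding]]:
    """Counts per category plus the findings that still point at live locations."""
    findings = parse_report(text)
    counts = Counter(classify(f) for f in findings)
    live = [f for f in findings if classify(f) == "live"]
    return counts, live


if __name__ == "__main__":
    counts, live = triage(SAMPLE_REPORT)
    for category, n in counts.most_common():
        print(f"{category:13} {n}")
    for f in live:
        print(f"LIVE  {f.description} ({f.type}, severity {f.severity}) at {f.location}")
```

On the sample the only "live" row is the dialer.su uninstall key in HKLM; everything else is cookies, quarantine copies, or the removal tools. The markers are a heuristic tied to the tools used in this thread, so extend QUARANTINE_MARKERS if a different cleaner's folder appears in a report.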

#15 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:52 AM

Posted 15 May 2008 - 03:30 AM

Hello

Sorry for the delayed response. I was busy.



