I Have No Idea What Is Infecting My Pc


6 replies to this topic

#1 scorpianne

  • Members
  • 5 posts

Posted 02 June 2008 - 11:51 AM

Deckard's System Scanner v20071014.68
Run by User on 2008-06-02 12:13:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 1 Restore Point(s) --
1: 2008-06-02 16:13:48 UTC - RP1 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-02 12:32:02
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\system32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\AVG\AVG8\avgwdsvc.exe
I:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
I:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
I:\WINDOWS\system32\cisvc.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\HPZipm12.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\AVG\AVG8\avgrsx.exe
I:\Program Files\AVG\AVG8\avgemc.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
I:\WINDOWS\system32\VTTimer.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\Program Files\SysMetrix\SysMetrix.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\WINDOWS\sm56hlpr.exe
I:\WINDOWS\RTHDCPL.exe
I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
I:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
I:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\HP\HP Software Update\hpwuSchd2.exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\AVG\AVG8\avgtray.exe
I:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
I:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
I:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
I:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
I:\WINDOWS\system32\cidaemon.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\CursorXP\CursorXP.exe
I:\Documents and Settings\User\Desktop\games\dss.exe
I:\WINDOWS\system32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - I:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F0 - system.ini: Shell=Explorer.exe "I:\WINDOWS\sembako-cizjmqi.exe"
F2 - REG:system.ini: Shell=Explorer.exe "I:\WINDOWS\sembako-cizjmqi.exe"
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - I:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - I:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - I:\WINDOWS\system32\gzmrt.dll (file missing)
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - I:\WINDOWS\system32\iebrowserc.dll (file missing)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - I:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - I:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - I:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mysidesearch browser optimizer - {997b7d0f-05f9-bf5f-5c1f-3474314aa494} - I:\WINDOWS\system32\{02180ca4-c168-c5cc-ecc4-3e097e62ad0a}.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - I:\WINDOWS\system32\.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - (no file)
O2 - BHO: Zango /fleok=1D8A83A5C5EC187A9AAA6C2A1FBB39BFE4976E26CAEDDA7B54784F213ACEC2 - {E1BACF55-35E1-4E47-9247-2D48660E5545} - I:\Program Files\Zango\bin\10.1.181.0\HostIE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - I:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - I:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - I:\Program Files\Zango\bin\10.1.181.0\HostIE.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - I:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ZangoOE] I:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe
O4 - HKLM\..\Run: [YSearchProtection] "I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysMetrix] I:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] I:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] I:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 I:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [LogonStudio] "I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] I:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Bron-Spizaetus] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "I:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZangoSA] "I:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"
O4 - HKLM\..\Run: [BearFlix] "I:\Program Files\BearFlix\bearflix.exe" /pause
O4 - HKCU\..\Run: [Yahoo! Pager] "I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [waultc] I:\Documents and Settings\User\Application Data\waultc.exe
O4 - HKCU\..\Run: [uTorrent] "I:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "I:\Documents and Settings\User\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus] I:\Documents and Settings\User\Application Data\waultc.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [CursorXP] I:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "I:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "I:\Documents and Settings\User\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus-1860] "I:\Documents and Settings\User\Local Settings\Application Data\br4743on.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = I:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZN
O8 - Extra context menu item: &Winamp Toolbar Search - I:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://I:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://I:\Program Files\Wedding Dash\Images\stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - I:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://I:\Program Files\Wedding Dash\Images\armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - I:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - I:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - I:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - I:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: I:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - I:\Program Files\Ares\chatServer.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - I:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - I:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStep Search Service - Unknown owner - I:\Program Files\OneStepSearch\onestep.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--
End of file - 16683 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - I:\WINDOWS\system32\shell32.dll,71
.hlp - hlpfile - DefaultIcon - I:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - I:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - I:\WINDOWS\system32\shell32.dll,69
.reg - regfile - DefaultIcon - I:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - I:\WINDOWS\system32\shell32.dll,-152
.vbs - VBSFile - DefaultIcon - I:\WINDOWS\system32\WScript.exe,2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - i:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 StarOpen - i:\windows\system32\drivers\staropen.sys
R2 BTSERIAL (Bluetooth Serial Driver) - i:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - i:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 BlueletAudio (Bluetooth Audio Service) - i:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - i:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - i:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - i:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - i:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - i:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - i:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S0 BootScreen - i:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
S3 BTNetFilter (Bluetooth Network Filter) - i:\program files\ivt corporation\bluesoleil\device\win2k\btnetfilter.sys
S3 GMSIPCI - g:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "i:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - i:\program files\ivt corporation\bluesoleil\btntservice.exe
R3 ServiceLayer - "i:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 OneStep Search Service - "i:\program files\onestepsearch\onestep.exe" "i:\program files\onestepsearch\onestep.dll" service (file missing)
S3 AresChatServer (Ares Chatroom server) - i:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Pretty hot & thick
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Pretty hot and thick
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Pretty hot and thick
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 17:08:00 406 --a------ I:\WINDOWS\Tasks\At2.job
2008-06-01 11:03:00 406 --a------ I:\WINDOWS\Tasks\At1.job
2008-05-30 17:22:54 388 --a------ I:\WINDOWS\Tasks\1-Click Maintenance.job
2008-05-30 15:04:29 406 --a------ I:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-29 14:21:12 284 --a------ I:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 10:02:18 0 d-------- I:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-02 10:02:17 0 d-------- I:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-02 09:52:36 0 d-------- I:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-30 18:23:12 0 d-------- I:\Program Files\FunWebProducts
2008-05-29 23:56:33 0 d-------- I:\Program Files\Musicnotes
2008-05-29 23:49:17 0 d-------- I:\Documents and Settings\All Users\Application Data\Musicnotes
2008-05-28 23:29:02 0 d-------- I:\Program Files\msn gaming zone
2008-05-28 23:21:22 0 dr------- I:\Documents and Settings\Administrator\Start Menu
2008-05-28 23:21:22 0 dr-h----- I:\Documents and Settings\Administrator\SendTo
2008-05-28 23:21:22 0 d--h----- I:\Documents and Settings\Administrator\Recent
2008-05-28 23:21:22 0 d--h----- I:\Documents and Settings\Administrator\PrintHood
2008-05-28 23:21:22 0 d--h----- I:\Documents and Settings\Administrator\NetHood
2008-05-28 23:21:22 0 d-------- I:\Documents and Settings\Administrator\My Documents
2008-05-28 23:21:22 0 d-------- I:\Documents and Settings\Administrator\Favorites
2008-05-28 23:21:22 0 d-------- I:\Documents and Settings\Administrator\Desktop
2008-05-28 22:39:03 0 d--h----- I:\Documents and Settings\Administrator\Templates
2008-05-28 22:39:03 786432 --ah----- I:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-28 22:39:03 0 d--h----- I:\Documents and Settings\Administrator\Local Settings
2008-05-28 22:39:03 0 d---s---- I:\Documents and Settings\Administrator\Cookies
2008-05-28 22:39:03 0 dr-h----- I:\Documents and Settings\Administrator\Application Data
2008-05-28 22:39:03 0 d---s---- I:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-27 00:18:35 0 d--h----- I:\$AVG8.VAULT$
2008-05-26 20:37:44 0 d-------- I:\WINDOWS\system32\drivers\Avg
2008-05-26 20:37:43 0 d-------- I:\Documents and Settings\User\Application Data\AVGTOOLBAR
2008-05-26 20:37:21 0 d-------- I:\Program Files\AVG
2008-05-26 20:37:21 0 d-------- I:\Documents and Settings\All Users\Application Data\avg8
2008-05-19 09:55:20 439808 --a------ I:\WINDOWS\system32\{02180ca4-c168-c5cc-ecc4-3e097e62ad0a}.dll
2008-05-18 00:21:02 0 d-------- I:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-18 00:19:23 0 d-------- I:\Documents and Settings\User\Application Data\NCH Swift Sound
2008-05-15 15:37:38 0 d-------- I:\Program Files\iPod
2008-05-15 15:34:29 0 d-------- I:\Program Files\iTunes
2008-05-15 14:58:10 0 d-------- I:\Program Files\Common Files\Apple
2008-05-15 14:36:13 0 d-------- I:\Program Files\Safari
2008-05-11 00:41:12 0 dr------- I:\Documents and Settings\LocalService\Favorites
2008-05-04 21:13:32 719872 --a------ I:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-05-04 21:13:32 314368 --a------ I:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-05-04 21:13:30 0 d-------- I:\Program Files\Magic Video Converter
2008-05-03 01:53:58 0 d-------- I:\Program Files\Xilisoft


-- Find3M Report ---------------------------------------------------------------

2008-06-02 12:18:12 0 d-------- I:\Documents and Settings\User\Application Data\uTorrent
2008-06-02 11:10:48 0 d-------- I:\Program Files\SysMetrix
2008-06-02 08:13:29 0 d-------- I:\Documents and Settings\User\Application Data\StarOffice8
2008-06-01 00:16:31 256 --a------ I:\Documents and Settings\User\Application Data\urlredir.cfg
2008-05-30 15:00:16 0 d-------- I:\Program Files\Norton Security Scan
2008-05-28 23:20:26 0 d-------- I:\Program Files\Common Files\Stardock
2008-05-28 22:52:54 0 d-------- I:\Program Files\Common Files\AVSMedia
2008-05-28 22:50:11 0 d-------- I:\Program Files\vanBasco's Karaoke Player
2008-05-28 22:50:11 0 d-------- I:\Program Files\Tetris Revolution
2008-05-28 22:50:08 0 d-------- I:\Program Files\mobile PhoneTools
2008-05-28 22:50:05 0 d-------- I:\Program Files\Cooking Academy
2008-05-27 17:38:14 0 d-------- I:\Program Files\Star Defender 4
2008-05-27 03:07:25 0 d-------- I:\Documents and Settings\User\Application Data\LimeWire
2008-05-27 02:29:17 0 d-------- I:\Program Files\Burger Rush
2008-05-26 13:14:10 0 d-------- I:\Program Files\HP
2008-05-21 16:05:03 0 d-------- I:\Program Files\Acala DVD 3gp Ripper
2008-05-16 18:44:15 0 d-------- I:\Documents and Settings\User\Application Data\Apple Computer
2008-05-15 15:30:05 0 d-a------ I:\Program Files\QuickTime
2008-05-15 14:58:10 0 d-------- I:\Program Files\Common Files
2008-05-15 00:45:21 0 d-------- I:\Program Files\Yahoo!
2008-05-13 20:48:51 0 d-------- I:\Program Files\Pizza Frenzy
2008-05-13 20:27:24 0 d-------- I:\Program Files\Winamp Remote
2008-05-07 01:27:54 0 d-------- I:\Program Files\DivX
2008-05-06 23:51:57 0 d-------- I:\Program Files\Star Defender 3
2008-05-05 21:35:52 0 d-------- I:\Program Files\StarDefender3_at
2008-05-05 21:31:39 0 d-------- I:\Program Files\Sony
2008-05-05 18:22:56 0 d-------- I:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-04-29 15:34:45 0 d-------- I:\Program Files\Apple Software Update
2008-04-28 22:56:39 10 -r-hs---- I:\WINDOWS\system32\sistem.sys
2008-04-26 00:54:35 0 d-------- I:\Program Files\Serif
2008-04-26 00:54:33 0 d--h----- I:\Program Files\InstallShield Installation Information
2008-04-25 17:28:36 0 d-------- I:\Documents and Settings\User\Application Data\Sony Corporation
2008-04-23 23:23:00 0 d-------- I:\Program Files\Yahoo! Games
2008-04-22 23:13:58 0 d-------- I:\Program Files\LimeWire
2008-04-21 00:22:05 0 d-------- I:\Documents and Settings\User\Application Data\Adobe
2008-04-21 00:21:54 1911 --a------ I:\WINDOWS\mozver.dat
2008-04-19 01:50:21 98304 --a------ I:\WINDOWS\system32\SoftAheadCert.dll <Not Verified; SoftAhead Inc.; SoftAheadCert Module>
2008-04-17 19:37:37 23857 --a------ I:\Documents and Settings\User\Application Data\NMM-MetaData.db
2008-04-14 13:34:51 89070 --a------ I:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-12 02:24:07 0 d-------- I:\Documents and Settings\User\Application Data\dvdcss
2008-04-11 08:10:01 0 d-------- I:\Documents and Settings\User\Application Data\Real
2008-04-09 16:47:33 0 d-------- I:\Documents and Settings\User\Application Data\skypePM
2008-04-09 03:28:52 0 d-------- I:\Program Files\Sun
2008-04-09 03:02:03 0 d-------- I:\Program Files\Common Files\xing shared
2008-04-09 03:01:23 0 d-------- I:\Program Files\Common Files\Real
2008-04-09 03:00:06 0 d-------- I:\Program Files\Real
2008-04-09 02:52:42 0 d-------- I:\Program Files\Google
2008-04-08 02:14:35 0 d--hs---- I:\Documents and Settings\User\Application Data\.#
2008-04-08 00:51:51 0 d-------- I:\Documents and Settings\User\Application Data\Teggo
2008-04-08 00:42:52 0 d-------- I:\Program Files\iWin.com
2008-03-31 17:25:48 823296 --a------ I:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ I:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ I:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ I:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ I:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-21 16:30:08 3596288 --a------ I:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ I:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ I:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ I:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 10:36:07 84729 --a------ I:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-03-09 22:51:48 80090 --a------ I:\WINDOWS\system32\adssite-remove.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}]
I:\WINDOWS\system32\gzmrt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
I:\WINDOWS\system32\iebrowserc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
10/04/2007 04:06 PM 1135968 --a------ I:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
I:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{997b7d0f-05f9-bf5f-5c1f-3474314aa494}]
05/19/2008 09:55 AM 439808 --a------ I:\WINDOWS\system32\{02180ca4-c168-c5cc-ecc4-3e097e62ad0a}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
I:\WINDOWS\system32\.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/26/2008 08:37 PM 2050816 --a------ I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BACF55-35E1-4E47-9247-2D48660E5545}]
12/13/2007 03:54 PM 546056 --a------ I:\Program Files\Zango\bin\10.1.181.0\HostIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
02/16/2008 02:55 PM 262144 --a------ I:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= I:\Program Files\Winamp Toolbar\winamptb.dll [10/04/2007 04:06 PM 1135968]
"{E1BACF55-35E1-4E47-9247-2D48660E5545}"= I:\Program Files\Zango\bin\10.1.181.0\HostIE.dll [12/13/2007 03:54 PM 546056]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= I:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [02/16/2008 02:55 PM 262144]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/26/2008 08:37 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[-HKEY_CLASSES_ROOT\CLSID\{E1BACF55-35E1-4E47-9247-2D48660E5545}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}]
[HKEY_CLASSES_ROOT\HostIE.Bho]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZangoOE"="I:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe" [12/13/2007 03:53 PM]
"YSearchProtection"="I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"VTTimer"="VTTimer.exe" [04/07/2006 04:45 AM I:\WINDOWS\system32\VTTimer.exe]
"UserFaultCheck"="I:\WINDOWS\system32\dumprep 0 -u" []
"TkBellExe"="I:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/09/2008 03:00 AM]
"SysMetrix"="I:\Program Files\SysMetrix\SysMetrix.exe" [02/25/2006 04:09 PM]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SMSERIAL"="sm56hlpr.exe" [06/06/2005 05:40 AM I:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [04/17/2006 03:34 AM I:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 03:01 AM]
"QuickTime Task"="I:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"PCSuiteTrayApplication"="I:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 01:20 PM]
"NeroFilterCheck"="I:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"MyWebSearch Email Plugin"="I:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [10/07/2007 06:32 PM]
"My Web Search Bar"="I:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" [10/07/2007 06:32 PM]
"LogonStudio"="I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [09/03/2002 06:38 PM]
"iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"HP Software Update"="I:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"googletalk"="I:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 05:22 PM]
"Google Desktop Search"="I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/09/2008 02:47 AM]
"Bron-Spizaetus"="I:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/09/2008 03:00 AM]
"BootSkin Startup Jobs"="I:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [02/28/2006 08:00 AM I:\WINDOWS\system32\bthprops.cpl]
"AVG8_TRAY"="I:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/26/2008 08:37 PM]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 AM I:\WINDOWS\Alcmtr.exe]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ZangoSA"="I:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe" [12/13/2007 04:13 PM]
"BearFlix"="I:\Program Files\BearFlix\bearflix.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/27/2007 04:19 PM]
"wsctf.exe"="wsctf.exe" []
"waultc"="I:\Documents and Settings\User\Application Data\waultc.exe" []
"uTorrent"="I:\Program Files\uTorrent\uTorrent.exe" [03/16/2008 10:35 PM]
"Tok-Cirrhatus-1398"="I:\Documents and Settings\User\Local Settings\Application Data\br3819on.exe" []
"Tok-Cirrhatus"="I:\Documents and Settings\User\Application Data\waultc.exe" []
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"EXPLORER.EXE"="EXPLORER.EXE" [06/13/2007 06:23 AM I:\WINDOWS\explorer.exe]
"CursorXP"="I:\Program Files\CursorXP\CursorXP.exe" [01/19/2005 04:34 PM]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM]
"ares"="I:\Program Files\Ares\Ares.exe" [07/16/2007 05:54 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"Tok-Cirrhatus-1860"="I:\Documents and Settings\User\Local Settings\Application Data\br4743on.exe"
"Tok-Cirrhatus"=

I:\Documents and Settings\User\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [4/25/2008 5:04:59 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableCMD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe \"I:\WINDOWS\sembako-cizjmqi.exe\""
"Userinit"="userinit.exe,EXPLORER.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=I:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4518a15a-03fc-11dc-a485-001617dc91c4}]
AutoRun\command- I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- C:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fdc004d-06ed-11dd-a6e0-000272d0d964}]
AutoRun\command- I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- H:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861891c3-fca3-11db-a155-001617dc913f}]
AutoRun\command- I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com

168 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-02 12:36:42 ------------

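The log above carries several textbook indicators that a responder wants to pick out at a glance rather than by reading 500 lines: Run values named Bron-Spizaetus and Tok-Cirrhatus that point at executables under the user profile (waultc.exe, br3819on.exe) with an empty "[]" where DSS would normally print the file's date and size; a Winlogon Shell value that starts I:\WINDOWS\sembako-cizjmqi.exe alongside Explorer; Userinit extended with a second EXPLORER.EXE; DisableRegistryTools and NoFolderOptions set to 1; MountPoints2 AutoRun commands that run Recycled\ctfmon.exe from removable drives; and a hosts file that maps security-vendor domains to 127.0.0.1 so the machine cannot reach AV updates. Taken together these match the Brontok worm family. The script below is an added example, not tooling from the forum or the original post: it parses a HijackThis/DSS-style log and flags each of those entry classes. SAMPLE_LOG is a constructed excerpt modelled on a few lines of the post, not the full log, and the rule names, vendor word list and policy list are the example's own choices.

```python
"""Flag autostart, policy and hosts-file indicators in a HijackThis/DSS-style log."""
import re
from collections import namedtuple

WORM_VALUE_NAMES = ("bron-spizaetus", "tok-cirrhatus")      # Brontok Run-value names
PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\", "\\application data\\")
LOCKDOWN_POLICIES = {"disableregistrytools", "disablecmd", "nofolderoptions", "disabletaskmgr"}
VENDOR_WORDS = ("symantec", "sophos", "mcafee", "viruslist", "kaspersky", "trendmicro")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
RUN_TARGET_RE = re.compile(r'^"(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')

# Constructed sample: a few lines modelled on the DSS log in the post, not the whole log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bron-Spizaetus"="I:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/09/2008 03:00 AM]
"BearFlix"="I:\Program Files\BearFlix\bearflix.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"waultc"="I:\Documents and Settings\User\Application Data\waultc.exe" []
"Tok-Cirrhatus-1398"="I:\Documents and Settings\User\Local Settings\Application Data\br3819on.exe" []
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [02/28/2006 08:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe \"I:\WINDOWS\sembako-cizjmqi.exe\""
"Userinit"="userinit.exe,EXPLORER.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861891c3-fca3-11db-a155-001617dc913f}]
AutoRun\command- I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe

-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.symantec.com
127.0.0.1 sophos.com
"""

Finding = namedtuple("Finding", "rule section line")

def _section_of(line):
    # Section name if `line` is a [registry key] or "-- Hosts --" header, else None.
    if line.startswith("[") and line.endswith("]"):
        return line[1:-1].lower()
    return line.strip("- ").lower() if line.startswith("-- ") else None

def _check_run_value(name, value, section, line, out):
    m = RUN_TARGET_RE.match(value)
    if not m:
        return
    path, meta = m.group("path").lower(), m.group("meta").strip()
    if name.lower().startswith(WORM_VALUE_NAMES):
        out.append(Finding("worm-named autostart", section, line))
    if any(marker in path for marker in PROFILE_MARKERS):
        out.append(Finding("autostart from user profile", section, line))
    if not meta:  # DSS prints [] when the target file is missing or unreadable
        out.append(Finding("autostart target missing", section, line))

def _check_winlogon(name, value, section, line, out):
    v = value.strip('"')
    if name.lower() == "shell" and v.lower() != "explorer.exe":
        out.append(Finding("winlogon shell hijacked", section, line))
    elif name.lower() == "userinit":
        items = [p.strip() for p in v.split(",") if p.strip()]
        if any(p.rsplit("\\", 1)[-1].lower() != "userinit.exe" for p in items):
            out.append(Finding("winlogon userinit extra", section, line))

def scan_log(text):
    """Return a Finding for every suspicious line in `text`, in log order."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = _section_of(line)
        if header is not None:
            section = header
        elif section == "hosts":
            parts = line.split()
            if len(parts) >= 2 and parts[0] in ("127.0.0.1", "0.0.0.0") \
                    and any(w in parts[1].lower() for w in VENDOR_WORDS):
                findings.append(Finding("hosts blocks security vendor", section, line))
        elif "mountpoints2" in section and "\\command-" in line.lower():
            findings.append(Finding("removable-drive autorun", section, line))
        elif (m := VALUE_RE.match(line)):
            name, value = m.group("name"), m.group("value").strip()
            if "currentversion\\run" in section:
                _check_run_value(name, value, section, line, findings)
            elif "\\policies\\" in section and name.lower() in LOCKDOWN_POLICIES:
                if value.split()[:1] == ["1"]:
                    findings.append(Finding("lockdown policy set", section, line))
            elif section.endswith("\\winlogon"):
                _check_winlogon(name, value, section, line, findings)
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.rule:30} {f.line}")
```

Two caveats a responder should keep in mind when reading the output. An empty "[]" is a triage signal, not a verdict: it also appears for stale entries of uninstalled software (BearFlix in the log above), so the user-profile path and the worm value name are the stronger signals and the three rules are meant to be read together. And a parser over a text log only reflects what the scanner chose to print; on the live machine the same checks belong against the registry itself, which is exactly what the helper's ComboFix step in the next post goes on to do.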

#2 fenzodahl512 (Members, 6,738 posts)
Posted 06 June 2008 - 01:38 PM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following...

Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\games\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.



NEXT


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Please post the following in your next reply..

1. ComboFix log
2. A fresh HijackThis log (after ComboFix step)


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512 (Members, 6,738 posts)

Posted 16 June 2008 - 08:28 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#4 scorpianne (Topic Starter, Members, 5 posts)

Posted 22 June 2008 - 12:33 PM

ComboFix 08-06-20.4 - User 2008-06-22 2:32:46.1 - NTFSx86
Running from: I:\Documents and Settings\User\Desktop\games\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\Administrator\Application Data\urlredir.cfg
I:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
I:\Documents and Settings\All Users\Application Data\ZangoSA
I:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
I:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
I:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
I:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
I:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
I:\Documents and Settings\All Users\Start Menu\Programs\Zango
I:\Documents and Settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk
I:\Documents and Settings\All Users\Start Menu\Programs\Zango\Weather.lnk
I:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
I:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk
I:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk
I:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk
I:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
I:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk
I:\Documents and Settings\User\Application Data\.#
I:\Documents and Settings\User\Application Data\FunWebProducts
I:\Documents and Settings\User\Application Data\ShoppingReport
I:\Documents and Settings\User\Application Data\ShoppingReport\cs\Config.xml
I:\Documents and Settings\User\Application Data\ShoppingReport\cs\db\Aliases.dbs
I:\Documents and Settings\User\Application Data\ShoppingReport\cs\db\Sites.dbs
I:\Documents and Settings\User\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
I:\Documents and Settings\User\Application Data\ShoppingReport\cs\report\aggr_storage.xml
I:\Documents and Settings\User\Application Data\ShoppingReport\cs\report\send_storage.xml
I:\Documents and Settings\User\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
I:\Documents and Settings\User\Application Data\urlredir.cfg
I:\Documents and Settings\User\Application Data\WeatherDPA
I:\Documents and Settings\User\Application Data\WeatherDPA\Weather\WeatherStartup.xml
I:\Documents and Settings\User\Application Data\Zango
I:\Program Files\FunWebProducts
I:\Program Files\FunWebProducts\ScreenSaver\Images\0050558D.urr
I:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
I:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
I:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
I:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
I:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
I:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
I:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
I:\Program Files\internet explorer\msimg32.dll
I:\Program Files\MyWebSearch
I:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
I:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
I:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
I:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
I:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
I:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
I:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
I:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
I:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
I:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
I:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
I:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
I:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
I:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
I:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
I:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
I:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
I:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
I:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
I:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
I:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
I:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
I:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
I:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
I:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
I:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
I:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
I:\Program Files\MyWebSearch\bar\Cache\00029C07
I:\Program Files\MyWebSearch\bar\Cache\0003B883
I:\Program Files\MyWebSearch\bar\Cache\00071386
I:\Program Files\MyWebSearch\bar\Cache\00072652
I:\Program Files\MyWebSearch\bar\Cache\006DCD21
I:\Program Files\MyWebSearch\bar\Cache\00B291ED
I:\Program Files\MyWebSearch\bar\Cache\015D95E5.bin
I:\Program Files\MyWebSearch\bar\Cache\015D9818.bin
I:\Program Files\MyWebSearch\bar\Cache\015D9A4A.bin
I:\Program Files\MyWebSearch\bar\Cache\0196C82B
I:\Program Files\MyWebSearch\bar\Cache\01D2C3F1
I:\Program Files\MyWebSearch\bar\Cache\03B728B4
I:\Program Files\MyWebSearch\bar\Cache\0C5D6CD0
I:\Program Files\MyWebSearch\bar\Cache\0C5D759A.bin
I:\Program Files\MyWebSearch\bar\Cache\0C5D92D7.bin
I:\Program Files\MyWebSearch\bar\Cache\0C5D9661.bin
I:\Program Files\MyWebSearch\bar\Cache\0C5D98A3.bin
I:\Program Files\MyWebSearch\bar\Cache\0D03E8EE.bin
I:\Program Files\MyWebSearch\bar\Cache\0D040783.bin
I:\Program Files\MyWebSearch\bar\Cache\0D041202.bin
I:\Program Files\MyWebSearch\bar\Cache\0D041907.bin
I:\Program Files\MyWebSearch\bar\Cache\0D04349D.bin
I:\Program Files\MyWebSearch\bar\Cache\files.ini
I:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
I:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
I:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
I:\Program Files\MyWebSearch\bar\History\search2
I:\Program Files\MyWebSearch\bar\icons\CM.ICO
I:\Program Files\MyWebSearch\bar\icons\MFC.ICO
I:\Program Files\MyWebSearch\bar\icons\PSS.ICO
I:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
I:\Program Files\MyWebSearch\bar\icons\WB.ICO
I:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
I:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
I:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
I:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
I:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
I:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
I:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
I:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
I:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
I:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
I:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
I:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
I:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
I:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
I:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
I:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
I:\Program Files\ShoppingReport
I:\Program Files\ShoppingReport\Uninst.exe
I:\Program Files\zango
I:\Program Files\zango\bin\10.3.65.0\arrow.ico
I:\Program Files\zango\bin\10.3.65.0\CntntCntr.dll
I:\Program Files\zango\bin\10.3.65.0\copyright.txt
I:\Program Files\zango\bin\10.3.65.0\CoreSrv.dll
I:\Program Files\zango\bin\10.3.65.0\firefox\extensions\chrome.manifest
I:\Program Files\zango\bin\10.3.65.0\firefox\extensions\components\npclntax.xpt
I:\Program Files\zango\bin\10.3.65.0\firefox\extensions\install.rdf
I:\Program Files\zango\bin\10.3.65.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
I:\Program Files\zango\bin\10.3.65.0\HostIE.dll
I:\Program Files\zango\bin\10.3.65.0\HostOE.dll
I:\Program Files\zango\bin\10.3.65.0\HostOL.dll
I:\Program Files\zango\bin\10.3.65.0\link.ico
I:\Program Files\zango\bin\10.3.65.0\OEAddOn.exe
I:\Program Files\zango\bin\10.3.65.0\Srv.exe
I:\Program Files\zango\bin\10.3.65.0\Toolbar.dll
I:\Program Files\zango\bin\10.3.65.0\Wallpaper.dll
I:\Program Files\zango\bin\10.3.65.0\Weather.exe
I:\Program Files\zango\bin\10.3.65.0\WeSkin.dll
I:\Program Files\zango\bin\10.3.65.0\ZangoSA.exe
I:\Program Files\zango\bin\10.3.65.0\ZangoSAAX.dll
I:\Program Files\zango\bin\10.3.65.0\ZangoSADF.exe
I:\Program Files\zango\bin\10.3.65.0\ZangoSAHook.dll
I:\Program Files\zango\bin\10.3.65.0\ZangoUninstaller.exe
I:\UGA6P
I:\WINDOWS\system32\adssite-remove.exe
I:\WINDOWS\system32\f3PSSavr.scr
I:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
I:\WINDOWS\system32\rightonadz-uninst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FMTR


((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 00:43 . 2008-06-22 00:43 664 --a------ I:\WINDOWS\system32\d3d9caps.dat
2008-06-21 12:47 . 2008-06-21 12:47 552 --a------ I:\WINDOWS\system32\d3d8caps.dat
2008-06-09 01:06 . 2008-06-09 01:06 2,560 --a------ I:\WINDOWS\_MSRSTRT.EXE
2008-06-06 14:47 . 2008-06-06 05:14 422,314 --a------ I:\3D Juiced 2 Hot Import Night.jar
2008-06-06 14:44 . 2008-06-06 14:44 <DIR> d-------- I:\gry do nokii
2008-06-06 01:08 . 2008-06-06 01:08 <DIR> d--h----- I:\Documents and Settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}
2008-06-04 22:28 . 2008-06-04 22:28 <DIR> d-------- I:\WINDOWS\ShellNew
2008-06-04 22:26 . 2008-06-04 22:26 <DIR> d-------- I:\Documents and Settings\User\Application Data\Microsoft Web Folders
2008-06-03 18:01 . 2008-06-03 18:01 <DIR> d-------- I:\Program Files\Dairy Dash
2008-06-03 17:58 . 2008-06-03 17:58 <DIR> d-------- I:\Program Files\bfgclient
2008-06-02 14:21 . 2008-06-02 14:21 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-02 11:02 . 2008-06-02 11:02 <DIR> d-------- I:\Deckard
2008-05-30 03:52 . 2007-06-08 08:11 831,048 --a------ I:\WINDOWS\system32\WudfUpdate_01005.dll
2008-05-29 23:56 . 2008-05-29 23:56 <DIR> d-------- I:\Program Files\Musicnotes
2008-05-29 23:49 . 2008-05-29 23:49 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Musicnotes
2008-05-28 22:39 . 2008-06-21 22:18 <DIR> d-------- I:\Documents and Settings\Administrator
2008-05-27 00:18 . 2008-06-09 00:40 <DIR> d--h----- I:\$AVG8.VAULT$
2008-05-26 20:37 . 2008-06-22 08:07 <DIR> d-------- I:\WINDOWS\system32\drivers\Avg
2008-05-26 20:37 . 2008-05-26 20:37 <DIR> d-------- I:\Program Files\AVG
2008-05-26 20:37 . 2008-05-27 19:42 <DIR> d-------- I:\Documents and Settings\User\Application Data\AVGTOOLBAR
2008-05-26 20:37 . 2008-05-26 20:37 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\avg8
2008-05-26 20:37 . 2008-05-26 20:37 96,520 --a------ I:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-26 20:37 . 2008-05-26 20:37 75,272 --a------ I:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-26 20:37 . 2008-05-26 20:37 10,520 --a------ I:\WINDOWS\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 06:44 --------- d-----w I:\Documents and Settings\User\Application Data\uTorrent
2008-06-22 05:31 --------- d-----w I:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-22 05:21 --------- d-----w I:\Program Files\SysMetrix
2008-06-22 02:14 --------- d-----w I:\Program Files\Google
2008-06-21 22:09 --------- d-----w I:\Documents and Settings\User\Application Data\StarOffice8
2008-06-20 19:00 --------- d-----w I:\Program Files\Norton Security Scan
2008-06-15 22:05 --------- d-----w I:\Program Files\Star Defender 4
2008-06-09 22:58 --------- d-----w I:\Documents and Settings\User\Application Data\LimeWire
2008-06-08 00:03 --------- d-----w I:\Program Files\vanBasco's Karaoke Player
2008-06-07 18:27 --------- d-----w I:\Program Files\Magic Video Converter
2008-06-06 05:07 --------- d-----w I:\Program Files\Stardock
2008-06-05 02:26 --------- d-----w I:\Program Files\microsoft frontpage
2008-06-03 22:12 --------- d---a-w I:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 22:07 --------- d-----w I:\Documents and Settings\User\Application Data\PlayFirst
2008-06-03 22:07 --------- d-----w I:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-03 22:05 --------- d-----w I:\Program Files\LimeWire
2008-06-02 19:21 --------- d-----w I:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-29 03:20 --------- d-----w I:\Program Files\Common Files\Stardock
2008-05-29 03:15 163,712 ----a-w I:\WINDOWS\system32\drivers\vidstub.sys
2008-05-29 02:52 --------- d-----w I:\Program Files\Common Files\AVSMedia
2008-05-29 02:50 --------- d-----w I:\Program Files\Tetris Revolution
2008-05-29 02:50 --------- d-----w I:\Program Files\mobile PhoneTools
2008-05-29 02:50 --------- d-----w I:\Program Files\Cooking Academy
2008-05-27 06:29 --------- d-----w I:\Program Files\Burger Rush
2008-05-27 00:38 --------- d-----w I:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-26 17:14 --------- d-----w I:\Program Files\HP
2008-05-21 20:05 --------- d-----w I:\Program Files\Acala DVD 3gp Ripper
2008-05-18 04:21 --------- d-----w I:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-18 04:19 --------- d-----w I:\Documents and Settings\User\Application Data\NCH Swift Sound
2008-05-16 22:44 --------- d-----w I:\Documents and Settings\User\Application Data\Apple Computer
2008-05-15 19:38 --------- d-----w I:\Program Files\iTunes
2008-05-15 19:37 --------- d-----w I:\Program Files\iPod
2008-05-15 19:34 --------- d-----w I:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 19:30 --------- d---a-w I:\Program Files\QuickTime
2008-05-15 18:58 --------- d-----w I:\Program Files\Common Files\Apple
2008-05-15 18:37 --------- d-----w I:\Program Files\Safari
2008-05-15 04:45 --------- d-----w I:\Program Files\Yahoo!
2008-05-14 00:48 --------- d-----w I:\Program Files\Pizza Frenzy
2008-05-14 00:41 --------- d-----w I:\Documents and Settings\All Users\Application Data\Skype
2008-05-14 00:29 --------- d-----w I:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-14 00:27 --------- d-----w I:\Program Files\Winamp Remote
2008-05-08 12:28 202,752 ----a-w I:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:27 --------- d-----w I:\Program Files\DivX
2008-05-07 03:51 --------- d-----w I:\Program Files\Star Defender 3
2008-05-06 01:35 --------- d-----w I:\Program Files\StarDefender3_at
2008-05-06 01:31 --------- d-----w I:\Program Files\Sony
2008-05-05 22:22 --------- d-----w I:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-05-03 05:53 --------- d-----w I:\Program Files\Xilisoft
2008-04-29 19:34 --------- d-----w I:\Program Files\Apple Software Update
2008-04-29 19:34 --------- d-----w I:\Documents and Settings\All Users\Application Data\Apple
2008-04-26 04:54 --------- d--h--w I:\Program Files\InstallShield Installation Information
2008-04-26 04:54 --------- d-----w I:\Program Files\Serif
2008-04-25 21:28 --------- d-----w I:\Documents and Settings\User\Application Data\Sony Corporation
2008-04-24 03:23 --------- d-----w I:\Program Files\Yahoo! Games
2008-04-09 20:47 32 ----a-w I:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-12 01:32 317 ----a-w I:\Documents and Settings\User\Application Data\bbbconfig.dat
2004-02-23 06:00 1,386,496 --sh--r I:\WINDOWS\system32\msvbvm60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 16:06 1135968 --a------ I:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
I:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{997b7d0f-05f9-bf5f-5c1f-3474314aa494}]
I:\WINDOWS\system32\{02180ca4-c168-c5cc-ecc4-3e097e62ad0a}.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "I:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 16:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= I:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 16:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-27 16:19 4670704]
"wsctf.exe"="wsctf.exe" []
"waultc"="I:\Documents and Settings\User\Application Data\waultc.exe" [ ]
"uTorrent"="I:\Program Files\uTorrent\uTorrent.exe" [2008-03-16 22:35 219952]
"Tok-Cirrhatus-1398"="I:\Documents and Settings\User\Local Settings\Application Data\br3819on.exe" [ ]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 06:23 1033216 I:\WINDOWS\explorer.exe]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"ares"="I:\Program Files\Ares\Ares.exe" [2007-07-16 17:54 961536]
"CursorFX"="I:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-19 18:59 418632]
"WindowBlinds"="I:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="I:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-09 03:00 185632]
"SysMetrix"="I:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 16:09 2637824]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 05:40 544768 I:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 03:34 16143872 I:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"QuickTime Task"="I:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"PCSuiteTrayApplication"="I:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"NeroFilterCheck"="I:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LogonStudio"="I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="I:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"googletalk"="I:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"Google Desktop Search"="I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-09 02:47 29744]
"BootSkin Startup Jobs"="I:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"AVG8_TRAY"="I:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-26 20:37 1177368]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSConfig"="I:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-02-28 08:00 158208]
"BearFlix"="I:\Program Files\BearFlix\bearflix.exe" [ ]
"YSearchProtection"="I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"VTTimer"="VTTimer.exe" [2006-04-07 04:45 53248 I:\WINDOWS\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="I:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"Tok-Cirrhatus-1860"="I:\Documents and Settings\User\Local Settings\Application Data\br4743on.exe" [ ]
"Tok-Cirrhatus"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-02-28 08:00 53760 I:\WINDOWS\system32\narrator.exe]

I:\Documents and Settings\User\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-25 17:04:59 344064]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="I:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=I:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
I:\WINDOWS\system32\dumprep 0 -u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"I:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"I:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"I:\\Documents and Settings\\User\\Desktop\\Wheel of Fortune Deluxe\\Wheel of Fortune Deluxe.exe"=
"I:\\Program Files\\LimeWire\\LimeWire.exe"=
"I:\\Program Files\\uTorrent\\uTorrent.exe"=
"I:\\Program Files\\Ares\\Ares.exe"=
"I:\\Program Files\\iWin Games\\iWinGames.exe"=
"I:\\Program Files\\iWin Games\\WebUpdater.exe"=
"I:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"I:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"I:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"I:\\Program Files\\iTunes\\iTunes.exe"=
"I:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"I:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;I:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-26 20:37]
R2 avg8emc;AVG8 E-mail Scanner;I:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-26 20:37]
R2 avg8wd;AVG8 WatchDog;I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-26 20:37]
R2 AvgTdiX;AVG8 Network Redirector;I:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-26 20:37]
R2 UxTuneUp;TuneUp Theme Extension;I:\WINDOWS\System32\svchost.exe [2006-02-28 08:00]
R3 S3GIGP;S3GIGP;I:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-05-22 13:42]
S2 OneStep Search Service;OneStep Search Service;"I:\Program Files\OneStepSearch\onestep.exe" "I:\Program Files\OneStepSearch\onestep.dll" Service []
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-09 02:47]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);I:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;I:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;I:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861891c3-fca3-11db-a155-001617dc913f}]
\Shell\AutoRun\command - I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 21:49:10 I:\WINDOWS\Tasks\1-Click Maintenance.job"
- I:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-19 18:21:13 I:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- I:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 15:03:00 I:\WINDOWS\Tasks\At1.job"
- I:\Documents and Settings\User\Templates\5820-NendangBro.com
"2008-06-20 21:08:04 I:\WINDOWS\Tasks\At2.job"
- I:\Documents and Settings\User\Templates\5820-NendangBro.com
"2008-06-20 19:01:05 I:\WINDOWS\Tasks\Norton Security Scan.job"
- I:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 09:10:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
I:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\HPZipm12.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
I:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
.
**************************************************************************
.
Completion time: 2008-06-22 9:26:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-22 13:25:55

Pre-Run: 21,857,263,616 bytes free
Post-Run: 22,321,885,184 bytes free

415 --- E O F --- 2008-06-15 07:05:54

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,094 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:30 PM

Posted 22 June 2008 - 07:14 PM

Hello scorpianne,

I have merged your latest topic with your previously existing topic. Please keep all posts regarding this issue to this thread. Starting new topics confuses things and delays the assistance you receive. If you know you will be unable to respond for a while, please inform your helper and let your helper know when to expect a reply.

Back to you fenzodahl512.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:12:30 PM

Posted 24 June 2008 - 01:03 AM

Thanks Orange Blossom.. Very much appreciated


Hello scorpianne, please do the following...


Please download GVRB2, save it, and unzip it to your Desktop
  • Please open the GVRB2 folder and double-click on GVR
  • Click on Scan and choose Scan Drive/Folder.
  • Click on the Scan Now button. Let it scan until it finishes
  • If infection(s) are found, a new window with the option to delete will open. DO NOT delete anything yet. Just tick the Take the same action with all files option and click on the Cancel or Exit button.
  • A new file (logs.txt) will be created inside the GVRB2 folder. Post its content in your next reply for further review



Please post logs.txt along with a fresh Deckard's System Scanner log in your next reply.


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:12:30 PM

Posted 06 July 2008 - 04:45 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





