
Some Bad Adware


  • This topic is locked
2 replies to this topic

#1 timothyc

Posted 04 June 2008 - 02:09 PM

Here is the log:

Deckard's System Scanner v20071014.68
Run by Buddy on 2008-06-04 14:11:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-06-03 22:37:50 UTC - RP305 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Buddy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:37 PM, on 6/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
N:\dss.exe
C:\Windows\system32\rundll32.exe
N:\HIJACK~1\Buddy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GM5446E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GM5446E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\vbpdtvdp.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {64F61B89-EFAA-4D0A-B5BE-EB36E64821AF} - C:\Windows\system32\hgGwWQhG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\Common Files\MetaProducts\fmcapt.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\Common Files\MetaProducts\fmcapt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Virtual PDF Printer] "C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\cbXPiHYr.dll,#1
O4 - HKLM\..\Run: [runner1] "C:\Windows\mrofinu1000106.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{63f29371-361d-0b2e-cd99-4bc375bd95cb}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\{502941be-d5fb-4267-cf97-d065aa93a7e6}.dll" DllStart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [bad6c9b2] "rundll32.exe" "C:\Windows\system32\rdmoowje.dll",b
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe"
O4 - HKLM\..\Run: [BMb9e5fa2e] Rundll32.exe "C:\Windows\system32\eatowidx.dll",s
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{4C234724-F24A-4034-8B95-80D301DE5063}
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-240829951-2236258458-1242441500-1000\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /detectMem (User 'IUSR_NMPR')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\Common Files\MetaProducts\fmcapt.dll
O13 - Gopher Prefix:
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: Fly - C:\Windows\SYSTEM32\smart.dll
O20 - Winlogon Notify: Love - LoveFly.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Microsoft Windows Update Manager - Unknown owner - C:\Windows\system32\dllcache\winsop.exe (file missing)
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\444.471.exe (file missing)
O23 - Service: Parallels DHCP Service for Virtual NIC (PRLDHCP) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Workstation\PRLDHCP.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12429 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ISODrive (ISO DVD/CD-ROM Device Driver) - \??\c:\program files\ultraiso\drivers\isodrive.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 hypervisor (Parallels Hypervisor) - \??\c:\windows\system32\drivers\hypervisor.sys
R2 pvs (Parallels Kernel Driver) - \??\c:\windows\system32\drivers\pvs.sys
R2 pvsnet (Parallels Network Driver) - c:\windows\system32\drivers\pvsnet.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>
R2 pvspth (Parallels Passthrough Driver) - \??\c:\windows\system32\drivers\pvspth.sys
R2 pvsum (Parallels USB Manager) - \??\c:\windows\system32\drivers\pvsum.sys
R3 PVSVNIC (Parallels Virtual NIC Driver) - c:\windows\system32\drivers\pvsvnic.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>

S3 PVSUSB (Parallels USB Device Driver) - c:\windows\system32\drivers\pvsusb.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S2 AVP (Kaspersky Anti-Virus 7.0) - "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe" -r (file missing)
S2 Microsoft Windows Update Manager - "c:\windows\system32\dllcache\winsop.exe" (file missing)
S2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.471 service (file missing)
S2 PRLDHCP (Parallels DHCP Service for Virtual NIC) - c:\program files\parallels\parallels workstation\prldhcp.exe <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>
S2 ThreatFire - c:\program files\threatfire\tfservice.exe service (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#920321111113&1#
Manufacturer: Generic
Name: USB CF Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#920321111113&1#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: JD Mercury
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_LEXAR&PROD_JD_MERCURY&REV_1100#0A4E9712170658021207&0#
Manufacturer: Lexar
Name: JD Mercury
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_LEXAR&PROD_JD_MERCURY&REV_1100#0A4E9712170658021207&0#
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-06-04 14:20:06 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{4C234724-F24A-4034-8B95-80D301DE5063}.job


-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-04 13:54:49 2560 --a------ C:\Windows\system32\bpnfhlia.exe
2008-06-04 13:25:51 116736 --a------ C:\Windows\system32\rdmoowje.dll
2008-06-04 13:24:52 132608 --a------ C:\Windows\system32\mxtxntxb.dll
2008-06-04 12:55:39 126976 --a------ C:\Windows\system32\eatowidx.dll
2008-06-03 17:50:32 0 d-------- C:\drivers
2008-06-03 15:34:39 115200 -----n--- C:\Windows\system32\ybtunskg.dll
2008-06-03 13:52:28 133120 --a------ C:\Windows\system32\vcsovdyt.dll
2008-06-03 11:15:31 2560 --a------ C:\Windows\system32\avtrobjn.exe
2008-06-03 11:13:15 125952 --a------ C:\Windows\system32\ctamqsrn.dll
2008-06-02 16:06:17 96966 --a------ C:\Windows\system32\drivers\klin.dat
2008-06-02 16:06:17 88774 --a------ C:\Windows\system32\drivers\klick.dat
2008-06-02 16:04:34 41681952 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-06-02 12:47:57 0 d--h----- C:\ckis
2008-06-02 12:04:09 31232 --a------ C:\Windows\loader.exe
2008-06-02 10:24:05 2560 --a------ C:\Windows\system32\bystafxm.exe
2008-06-01 22:02:53 0 d-------- C:\Program Files\QdrPack
2008-06-01 22:02:53 0 d-------- C:\Program Files\ISM
2008-06-01 19:57:36 9216 --a------ C:\Windows\y.exe
2008-06-01 19:57:36 27904 --a------ C:\Windows\xplugin.dll
2008-06-01 19:57:36 29952 --a------ C:\Windows\x.exe
2008-06-01 19:57:35 19456 --a------ C:\Windows\winmgnt.exe
2008-06-01 19:57:35 23040 --a------ C:\Windows\window.exe
2008-06-01 19:57:34 9984 --a------ C:\Windows\winajbm.dll
2008-06-01 19:57:34 14848 --a------ C:\Windows\win64.exe
2008-06-01 19:57:34 23552 --a------ C:\Windows\win32e.exe
2008-06-01 19:57:34 23296 --a------ C:\Windows\waol.exe
2008-06-01 19:57:34 23808 --a------ C:\Windows\users32.exe
2008-06-01 19:57:33 17152 --a------ C:\Windows\time.exe
2008-06-01 19:57:33 10240 --a------ C:\Windows\systemcritical.exe
2008-06-01 19:57:31 14848 --a------ C:\Windows\systeem.exe
2008-06-01 19:57:31 32512 --a------ C:\Windows\svcinit.exe
2008-06-01 19:57:31 25344 --a------ C:\Windows\svchost32.exe
2008-06-01 19:57:31 8704 --a------ C:\Windows\sistem.exe
2008-06-01 19:57:30 27648 --a------ C:\Windows\searchword.dll
2008-06-01 19:57:30 20224 --a------ C:\Windows\rundll16.exe
2008-06-01 19:57:29 9216 --a------ C:\Windows\quicken.exe
2008-06-01 19:57:29 11520 --a------ C:\Windows\qttasks.exe
2008-06-01 19:57:29 15616 --a------ C:\Windows\olehelp.exe
2008-06-01 19:57:29 20992 --a------ C:\Windows\notepad32.exe
2008-06-01 19:57:29 15360 --a------ C:\Windows\mtwirl32.dll
2008-06-01 19:57:29 9472 --a------ C:\Windows\mswsc20.dll
2008-06-01 19:57:29 27648 --a------ C:\Windows\mswsc10.dll
2008-06-01 19:57:28 18944 --a------ C:\Windows\msupdate.exe
2008-06-01 19:57:28 22016 --a------ C:\Windows\mssys.exe
2008-06-01 19:57:28 8192 --a------ C:\Windows\msspi.dll
2008-06-01 19:57:28 8960 --a------ C:\Windows\msconfd.dll
2008-06-01 19:57:27 28416 --a------ C:\Windows\internet.exe
2008-06-01 19:57:27 19456 --a------ C:\Windows\inetinf.exe
2008-06-01 19:57:27 27648 --a------ C:\Windows\iexplorer.exe
2008-06-01 19:57:26 11264 --a------ C:\Windows\iedll.exe
2008-06-01 19:57:26 17408 --a------ C:\Windows\helpcvs.exe
2008-06-01 19:57:26 20480 --a------ C:\Windows\gfmnaaa.dll
2008-06-01 19:57:26 19200 --a------ C:\Windows\funny.exe
2008-06-01 19:57:25 15360 --a------ C:\Windows\funniest.exe
2008-06-01 19:57:25 26368 --a------ C:\Windows\explorer32.exe
2008-06-01 19:57:25 9984 --a------ C:\Windows\explore.exe
2008-06-01 19:57:25 21248 --a------ C:\Windows\editpad.exe
2008-06-01 19:57:24 26880 --a------ C:\Windows\dnsrelay.dll
2008-06-01 19:57:24 20224 --a------ C:\Windows\directx32.exe
2008-06-01 19:57:23 12032 --a------ C:\Windows\ctrlpan.dll
2008-06-01 19:57:23 25600 --a------ C:\Windows\ctfmon32.exe
2008-06-01 19:57:23 29440 --a------ C:\Windows\cpan.dll
2008-06-01 19:57:23 16128 --a------ C:\Windows\clrssn.exe
2008-06-01 19:57:23 15616 --a------ C:\Windows\avpcc.dll
2008-06-01 19:57:22 8960 --a------ C:\Windows\accesss.exe
2008-06-01 19:54:52 1687 --a------ C:\Windows\system32\clbinit.dll
2008-06-01 19:42:47 0 d-------- C:\Program Files\CPV
2008-06-01 19:42:46 0 d-------- C:\Program Files\Temporary
2008-06-01 19:37:20 0 d-------- C:\Program Files\InetGet2
2008-06-01 19:31:38 750118 --ahs---- C:\Windows\system32\GhQWwGgh.ini2
2008-06-01 19:31:34 373248 --a------ C:\Windows\system32\hgGwWQhG.dll
2008-06-01 19:28:00 86144 --a------ C:\Windows\system32\drivers\USBCAMD22.sys
2008-06-01 19:27:53 0 d-------- C:\Windows\system32\wIE6
2008-06-01 19:27:53 0 d-------- C:\Windows\system32\fetc6
2008-06-01 19:27:53 0 d-------- C:\Windows\system32\Dev3
2008-06-01 19:27:53 0 d-------- C:\Windows\system32\a053
2008-06-01 19:27:52 0 d-------- C:\Windows\system32\Vco1
2008-06-01 19:27:52 0 d-------- C:\Windows\system32\sTMP
2008-06-01 19:27:52 0 d-------- C:\Windows\system32\6026c
2008-06-01 19:27:51 32279 --a------ C:\Windows\system32\clbdll.dll
2008-06-01 19:27:50 0 d-------- C:\Windows\system32\vntiho06
2008-06-01 19:27:32 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-05-29 14:19:53 0 d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-05-29 13:50:34 0 d-------- C:\Program Files\Axialis
2008-05-29 11:44:19 0 d-------- C:\Program Files\Bonjour
2008-05-29 11:34:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-29 10:25:06 0 d-------- C:\Program Files\Musicnotes
2008-05-26 17:21:35 0 d-------- C:\Windows\Caps
2008-05-26 16:35:17 155648 --a------ C:\Windows\system32\libssl32.dll
2008-05-26 16:35:07 0 d-------- C:\OpenSSL
2008-05-26 11:45:58 364032 --a------ C:\Windows\system32\{502941be-d5fb-4267-cf97-d065aa93a7e6}.dll
2008-05-23 16:23:18 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-05-23 16:23:17 0 d-------- C:\Program Files\UltraISO
2008-05-22 15:42:41 0 d--hs---- C:\found.000
2008-05-20 16:46:18 12310 --a------ C:\Windows\system32\drivers\pvsnet.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>
2008-05-20 16:44:07 8320 --a------ C:\Windows\system32\drivers\PvsUM.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>
2008-05-20 16:44:07 13344 --a------ C:\Windows\system32\drivers\pvspth.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>
2008-05-20 16:44:07 28800 --a------ C:\Windows\system32\drivers\pvs.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>
2008-05-20 16:44:07 51712 --a------ C:\Windows\system32\drivers\hypervisor.sys
2008-05-20 16:44:01 22752 --a------ C:\Windows\system32\drivers\pvsusb.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>
2008-05-20 16:43:08 0 d-------- C:\Program Files\Parallels
2008-05-20 16:42:29 4412 --a------ C:\Windows\system32\drivers\pvsvnic.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 2.2>
2008-05-16 10:30:36 231424 --a------ C:\Windows\b148.exe
2008-05-12 16:47:56 0 d-------- C:\Program Files\FLAC
2008-05-11 14:35:42 35840 --a------ C:\Windows\system32\smart.dll <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-05-10 15:18:20 53248 --a------ C:\Windows\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-05-10 15:18:20 53248 --a------ C:\Windows\system32\KanastaCorpUtils.dll <Not Verified; KanastaCorp; KanastaCorp Common Utils>
2008-05-10 15:18:20 249856 --a------ C:\Windows\system32\KanastaCorpComCtrls.dll <Not Verified; KanastaCorp; KanastaCorp Class Library>
2008-05-10 15:18:20 0 d-------- C:\Program Files\KanastaCorp
2008-05-10 15:15:08 0 d-------- C:\Program Files\Mail PassView
2008-05-10 15:09:21 39424 --a------ C:\Windows\zipinst.exe <Not Verified; NirSoft; ZipInstaller>
2008-05-10 15:09:20 0 d-------- C:\Program Files\SniffPass
2008-05-06 15:36:42 51745 --a------ C:\Windows\system32\TTACodecs-uninstall.exe
2008-05-06 15:28:06 0 d-------- C:\Program Files\Winamp
2008-05-06 15:27:53 0 d-------- C:\Program Files\Monkey's Audio
2008-05-05 15:51:33 0 d-------- C:\Program Files\Beyond Compare 2


-- Find3M Report ---------------------------------------------------------------

2008-06-03 17:28:23 0 d-------- C:\Program Files\ScreenArt
2008-06-03 16:52:44 396 --ah----- \Autorun.inf
2008-06-03 12:55:22 686630 --a------ \dss.exe
2008-06-03 11:26:00 0 d-------- \Hijackthis
2008-06-02 15:54:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-02 09:38:10 0 d-------- \New Folder
2008-06-02 09:27:14 0 d-------- \Kaspersky AntiVirus v7.0.1.32. Final(FRESH KEYS-17.01)
2008-06-02 09:07:16 0 d-------- \spyware fix
2008-06-02 09:00:54 2492 --a------ \task.doc
2008-06-01 19:52:58 0 d-------- C:\Program Files\Avira
2008-05-31 16:05:48 0 d-------- \Scores
2008-05-31 12:04:54 0 dr------- \Favorites
2008-05-29 11:44:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-29 11:34:21 0 d-------- C:\Program Files\Common Files
2008-05-20 17:22:06 0 d-------- C:\Program Files\ThreatFire
2008-05-20 16:44:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 03:04:39 0 d-------- C:\Program Files\Windows Mail
2008-05-10 15:08:39 0 d-------- C:\Program Files\WinPcap
2008-05-05 06:40:25 0 d-------- C:\Program Files\Spyware Doctor
2008-05-02 16:02:28 0 d-------- C:\Program Files\MSBuild
2008-04-30 15:50:25 1472 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-04-30 15:50:01 0 d-------- C:\Program Files\Common Files\Corel
2008-04-30 15:49:08 0 d-------- C:\Program Files\Corel
2008-04-30 15:34:04 0 d-------- C:\Program Files\Common Files\Protexis
2008-04-25 17:18:46 0 d-------- C:\Program Files\VMware
2008-04-25 17:18:46 0 d-------- C:\Program Files\Common Files\VMware
2008-04-25 17:12:52 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-19 14:39:02 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-04-19 12:37:21 0 d-------- C:\Program Files\Mattel Interactive
2008-04-18 19:46:53 0 d-------- C:\Program Files\GPLGS
2008-04-18 19:45:35 0 d-------- C:\Program Files\Acro Software
2008-04-14 19:28:22 14067 --a------ C:\logfile
2008-04-12 17:59:37 0 d-------- C:\Program Files\Neuratron PhotoScore Ultimate Demo
2008-04-12 17:42:18 0 d-------- C:\Program Files\MSN Messenger
2008-04-07 16:12:15 0 d-------- C:\Program Files\Diner Dash Flo On The Go
2008-04-07 15:56:37 0 d-------- C:\Program Files\Maxis
2008-03-20 15:23:58 250048 -rahs---- C:\ntldr


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64F61B89-EFAA-4D0A-B5BE-EB36E64821AF}]
06/01/2008 07:31 PM 373248 --a------ C:\Windows\system32\hgGwWQhG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 09:52 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 08:23 AM]
"Virtual PDF Printer"="C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe" []
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [10/11/2007 08:45 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [10/08/2007 11:27 AM]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [10/08/2007 11:26 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"MSServer"="rundll32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"runner1"="C:\Windows\mrofinu1000106.exe" []
"{63f29371-361d-0b2e-cd99-4bc375bd95cb}"="C:\Windows\system32\{502941be-d5fb-4267-cf97-d065aa93a7e6}.dll" [05/26/2008 11:45 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" []
"bad6c9b2"="rundll32.exe" [11/02/2006 05:45 AM C:\Windows\System32\rundll32.exe]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe" [05/09/2007 01:11 PM]
"BMb9e5fa2e"="C:\Windows\system32\eatowidx.dll" [06/04/2008 12:55 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [11/02/2006 05:45 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{166BCB27-FCFD-4588-9BDB-44FC6A02EF35}"= C:\Windows\system32\cbXPiHYr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly]
smart.dll 05/11/2008 02:35 PM 35840 C:\Windows\System32\smart.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
LoveFly.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\hgGwWQhG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScreenArt.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScreenArt.lnk
backup=C:\Windows\pss\ScreenArt.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Buddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
c:\program files\Bigfix\bigfix.exe /atstartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\Windows\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
"C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoLed]
ModLEDKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
"C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
"RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunSpySweeperScheduleAtStartup]
"C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{4C234724-F24A-4034-8B95-80D301DE5063}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
"C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
"C:\Program Files\ThreatFire\TFTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtual PDF Printer]
"C:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-04 14:21:16 ------------

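Added example, not code from the thread, from Deckard's System Scanner or from SifuMike: a small triage script that parses the Winlogon, Winlogon\Notify, ShellExecuteHooks, AppInit_DLLs and LSA sections of a DSS-style registry dump (the sample text is copied from the six sections of the log above) and flags every entry that is not a default. The defaults it compares against (Vista's userinit.exe path, the shell32 URL exec hook GUID, the msv1_0 authentication package) and the "exactly eight letters" file-name heuristic are this example's own assumptions; the log itself states none of them.

```python
"""Triage the persistence keys in a DSS/HijackThis-style registry dump.

Added example: not code from the thread, from Deckard's System Scanner
or from SifuMike. The default values compared against (Vista's
userinit.exe path, the shell32 URL exec hook GUID, the msv1_0 package)
and the eight-letter random-name heuristic are assumptions of this
example, not facts the log states.
"""
import re

# Sample input: the six registry sections copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{166BCB27-FCFD-4588-9BDB-44FC6A02EF35}"= C:\Windows\system32\cbXPiHYr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly]
smart.dll 05/11/2008 02:35 PM 35840 C:\Windows\System32\smart.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
LoveFly.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\hgGwWQhG
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Assumed Windows Vista defaults for the keys checked below.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
DEFAULT_EXEC_HOOK = "{aeb6717e-7e19-11d0-97ee-0000f803a8ff}"   # shell32.dll URL exec hook
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
# Heuristic: exactly eight letters plus optional .dll/.exe (cbXPiHYr.dll, vbpdtvdp.exe, hgGwWQhG).
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}(\.dll|\.exe)?$", re.I)


def parse_sections(text):
    """Map each lower-cased [key path] to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def looks_random(path):
    """True if the file name (directory stripped) matches the eight-letter pattern."""
    return bool(RANDOM_NAME_RE.match(path.rsplit("\\", 1)[-1]))


def triage(text, notify_allowlist=frozenset()):
    """Return (severity, location, value, tags) for every non-default entry."""
    findings = []
    for key, values in parse_sections(text).items():
        if key.endswith("\\currentversion\\winlogon"):
            for v in values:
                name, _, rest = v.partition("=")
                if name.strip().strip('"').lower() == "userinit":
                    # Userinit is comma separated; every extra program runs at each logon.
                    for entry in rest.strip().strip('"').split(","):
                        entry = entry.strip()
                        if entry and entry.lower() != DEFAULT_USERINIT:
                            findings.append(("HIGH", "Userinit", entry))
        elif "\\winlogon\\notify\\" in key:
            # Whatever is listed here is loaded by winlogon; compare against an analyst allowlist.
            dll = values[0].split()[0] if values else "(empty)"
            if dll.lower() not in notify_allowlist:
                findings.append(("HIGH", "Winlogon Notify\\" + key.rsplit("\\", 1)[-1], dll))
        elif key.endswith("\\explorer\\shellexecutehooks"):
            for v in values:
                guid, _, rest = v.partition("=")
                guid = guid.strip().strip('"').lower()
                # DSS prints file version info in [ ]; an empty [ ] means the DLL carries none.
                if guid != DEFAULT_EXEC_HOOK or rest.rstrip().endswith("[ ]"):
                    findings.append(("HIGH", "ShellExecuteHook " + guid, rest.strip()))
        elif key.endswith("\\windows nt\\currentversion\\windows"):
            for v in values:
                name, _, rest = v.partition("=")
                # AppInit_DLLs is injected into every user32 process; security products use it too.
                if name.strip().strip('"').lower() == "appinit_dlls" and rest.strip():
                    findings.append(("REVIEW", "AppInit_DLLs", rest.strip()))
        elif key.endswith("\\control\\lsa"):
            for v in values:
                name, _, rest = v.partition("=")
                if name.strip().strip('"').lower() == "authentication packages":
                    # Anything beyond msv1_0 runs inside lsass and sees every logon credential.
                    for pkg in rest.split():
                        if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
                            findings.append(("HIGH", "LSA Authentication Packages", pkg))
    # Tag the first path token of each finding with the random-name heuristic.
    return [(sev, loc, val, ("random-name",) if looks_random(val.split()[0]) else ())
            for sev, loc, val in findings]


if __name__ == "__main__":
    for sev, loc, val, tags in triage(SAMPLE_LOG):
        print(f"{sev:6} {loc:45} {val} {' '.join(tags)}")
```

Run against the sample, the script reports six entries: the extra Userinit program, both Notify DLLs, the ShellExecuteHook with the empty version field, the second LSA authentication package, and the AppInit_DLLs entry. The AppInit one is rated REVIEW rather than HIGH because its path points into the Kaspersky directory and legitimate security software uses the same injection point; the three entries whose file names are eight letters with no version information are the ones to pull for analysis first. Pass `notify_allowlist` to suppress Notify DLLs you have already verified.
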
#2 SifuMike (malware expert)

Posted 18 June 2008 - 11:01 PM

Hello timothyc,

Please tell me if you are running an antivirus on this computer.


Please do everything at this site: Preparation Guide for use before posting about your potential Malware problem, then post the Kaspersky log and the DSS Main and Extra logs.

Edited by SifuMike, 18 June 2008 - 11:03 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike (malware expert)

Posted 24 June 2008 - 05:18 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
