Malware, Possible Virus



#1 Aggressor


Posted 08 June 2008 - 05:05 PM

I have been downloading torrents and I believe it's the reason. Every so often I see bugs on my computer screen acting like it's eating up my drive. On my desktop it says "Warning! Spyware detected on your computer!" "Install antivirus or spyware remover to clean your computer!" Anyways, here are my logs.

Deckard's System Scanner v20071014.68
Run by Julie on 2008-06-08 05:45:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-08 10:45:46 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-08 06:29:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Julie.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-08 05:48:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\WINDOWS\SYSTEM32\PnkBstrA.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\lphcc8lj0en9e.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\SYSTEM32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Julie\Desktop\dss.exe
C:\Documents and Settings\Julie\Desktop\New Folder\Julie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lphcc8lj0en9e] C:\WINDOWS\system32\lphcc8lj0en9e.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O15 - Trusted Zone: https://www.pogo.com (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} () - file:///C:/Program%20Files/Miss%20Teri%20Tale/Images/stg_drm.ocx
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} () - http://69.56.176.227/webplugin.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} () - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8202.6670023148
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\system32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Memeo AutoSync (AutoSyncService) - Memeo - C:\Program Files\Memeo\AutoSync\MemeoService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\SYSTEM32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: - http://www.snickers.com/racing/wallpapers/image3.jpg

--
End of file - 10979 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Julie\Desktop\NEWFOL~1\backups\) ------

backup-20051210-212736-890 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20051210-212736-973 R3 - Default URLSearchHook is missing
backup-20061025-155533-540 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20061025-155533-687 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20061025-155533-760 O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
backup-20061025-155533-843 O2 - BHO: (no name) - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - (no file)
backup-20061025-155533-873 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20061025-155534-462 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 gtermddo - c:\docume~1\julie\locals~1\temp\gtermddo.sys (file missing)
S3 npkcusb - c:\program files\nexon\maplestory\npkcusb.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 STEAMDVR - c:\program files\steam\bin\x86\steamdvr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 AutoSyncService (Memeo AutoSync ) - "c:\program files\memeo\autosync\memeoservice.exe" <Not Verified; Memeo; Memeo AutoBackup>
S4 Avg7Alrt (AVG7 Alert Manager Server) - c:\progra~1\grisoft\avg7\avgamsvr.exe (file missing)
S4 Avg7UpdSvc (AVG7 Update Service) - c:\progra~1\grisoft\avg7\avgupsvc.exe (file missing)
S4 AVGEMS (AVG E-mail Scanner) - c:\progra~1\grisoft\avg7\avgemc.exe (file missing)
S4 AVGFwSrv (AVG Firewall) - c:\progra~1\grisoft\avg7\avgfwsrv.exe /srvfsys (file missing)
S4 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
S4 Diskeeper - "c:\program files\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
S4 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi


-- Scheduled Tasks -------------------------------------------------------------

2008-06-07 20:30:20 422 --ah---c- C:\WINDOWS\Tasks\User_Feed_Synchronization-{618BB76F-17BF-4D9D-8884-2B88CD3228E0}.job
2008-05-13 20:25:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 04:39:30 52736 --a------ C:\WINDOWS\system32\blphcc8lj0en9e.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-08 01:09:05 0 d-------- C:\Documents and Settings\Julie\Application Data\Malwarebytes
2008-06-08 01:09:01 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 01:09:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 01:08:54 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-08 01:06:57 0 d-------- C:\Documents and Settings\Julie\Application Data\shca8lj0en9e
2008-06-08 01:06:39 0 d-------- C:\Program Files\shca8lj0en9e
2008-06-08 01:06:21 92160 --a------ C:\WINDOWS\system32\lphcc8lj0en9e.exe
2008-06-07 14:48:38 0 dr-h----- C:\Documents and Settings\Julie\Recent
2008-06-07 13:42:46 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-06-05 08:02:39 0 d-------- C:\Documents and Settings\Julie\Application Data\Gogii Games
2008-06-05 08:02:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii Games
2008-05-27 08:12:12 0 d-------- C:\Program Files\Neffy
2008-05-23 01:17:39 0 d-------- C:\Documents and Settings\Julie\_curSkin
2008-05-22 22:27:52 0 d-------- C:\WINDOWS\system32\_curSkin
2008-05-22 22:27:50 0 d-------- C:\Documents and Settings\Julie\Application Data\GameComm
2008-05-22 22:20:30 0 d-------- C:\Program Files\GameComm
2008-05-22 11:27:23 0 d-------- C:\Documents and Settings\Julie\Application Data\Games
2008-05-22 10:08:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-05-22 08:56:51 2011168 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-22 08:54:52 0 d-------- C:\Program Files\ZoneAlarmSB
2008-05-22 08:52:47 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-22 08:52:28 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-22 08:52:16 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-05-22 08:51:23 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-22 08:50:39 0 d-------- C:\WINDOWS\Internet Logs
2008-05-22 01:02:27 0 d-------- C:\Documents and Settings\Julie\Application Data\MysteryStudio
2008-05-16 21:23:18 0 dr------- C:\Documents and Settings\gjgj\Favorites
2008-05-16 21:23:18 0 d-------- C:\Documents and Settings\gjgj\Desktop
2008-05-16 21:23:18 0 d--hs---- C:\Documents and Settings\gjgj\Cookies
2008-05-16 21:23:18 0 dr-h----- C:\Documents and Settings\gjgj\Application Data
2008-05-16 21:23:18 0 d-------- C:\Documents and Settings\gjgj\Application Data\Symantec
2008-05-16 21:23:18 0 d-------- C:\Documents and Settings\gjgj\Application Data\Sun
2008-05-16 21:23:18 0 d-------- C:\Documents and Settings\gjgj\Application Data\Sonic
2008-05-16 21:23:18 0 d---s---- C:\Documents and Settings\gjgj\Application Data\Microsoft
2008-05-16 21:23:18 0 d-------- C:\Documents and Settings\gjgj\Application Data\Jasc Software Inc
2008-05-16 21:23:18 0 d-------- C:\Documents and Settings\gjgj\Application Data\Identities
2008-05-16 21:23:17 0 d--h----- C:\Documents and Settings\gjgj\Templates
2008-05-16 21:23:17 0 dr------- C:\Documents and Settings\gjgj\Start Menu
2008-05-16 21:23:17 0 dr-h----- C:\Documents and Settings\gjgj\SendTo
2008-05-16 21:23:17 0 dr-h----- C:\Documents and Settings\gjgj\Recent
2008-05-16 21:23:17 0 d--h----- C:\Documents and Settings\gjgj\PrintHood
2008-05-16 21:23:17 1048576 --ah----- C:\Documents and Settings\gjgj\NTUSER.DAT
2008-05-16 21:23:17 0 d--h----- C:\Documents and Settings\gjgj\NetHood
2008-05-16 21:23:17 0 dr------- C:\Documents and Settings\gjgj\My Documents
2008-05-16 21:23:17 0 d--h----- C:\Documents and Settings\gjgj\Local Settings
2008-05-15 04:20:24 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-05-13 05:17:33 0 d-------- C:\Program Files\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-06-08 04:39:48 0 d-------- C:\Program Files\Steam
2008-06-08 01:48:43 0 d-------- C:\Program Files\Starcraft
2008-06-08 01:08:54 0 d-------- C:\Program Files\Common Files
2008-06-07 14:47:23 0 d-------- C:\Program Files\Shockwave.com
2008-06-07 00:22:16 0 d-------- C:\Program Files\Warcraft III
2008-06-06 09:02:36 0 d-------- C:\Documents and Settings\Julie\Application Data\uTorrent
2008-06-05 06:53:59 0 d-------- C:\Documents and Settings\Julie\Application Data\Flood Light Games
2008-06-03 02:19:14 0 d-------- C:\Program Files\Nancy Drew
2008-05-30 23:57:06 0 d-------- C:\Program Files\PokerStars.NET
2008-05-25 22:06:18 0 d-------- C:\Documents and Settings\Julie\Application Data\AdobeUM
2008-05-23 09:21:11 0 d-------- C:\Program Files\Gravity
2008-05-23 09:21:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 01:28:36 0 d-------- C:\Documents and Settings\Julie\Application Data\DNA
2008-05-19 10:33:48 0 d-------- C:\Program Files\bfgclient
2008-05-18 11:47:10 0 d-------- C:\Documents and Settings\Julie\Application Data\Hamachi
2008-05-13 06:11:04 101552 --a----c- C:\Documents and Settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
2008-05-13 05:17:04 0 d-------- C:\Documents and Settings\Julie\Application Data\BitTorrent <BITTOR~1>
2008-05-12 19:19:49 0 d-------- C:\Program Files\Western Digital
2008-04-27 02:29:44 0 d-------- C:\Program Files\Hamachi
2008-04-20 08:47:46 0 d-------- C:\Program Files\Lavasoft
2008-04-20 08:47:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 08:52:54 0 d-------- C:\Documents and Settings\Julie\Application Data\Ventrilo
2008-04-19 03:37:03 0 d-------- C:\Documents and Settings\Julie\Application Data\Adobe
2008-04-19 03:36:32 4210 --a----c- C:\WINDOWS\mozver.dat
2008-04-19 03:10:47 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-19 03:09:19 0 d-------- C:\Documents and Settings\Julie\Application Data\AVG7
2008-04-17 07:37:13 0 d-------- C:\Program Files\iWin.com
2008-04-17 07:31:28 0 d-------- C:\Documents and Settings\Julie\Application Data\Restorer
2008-04-15 01:38:45 0 d-------- C:\Program Files\Common Files\DirectX
2008-04-12 12:57:33 0 d-------- C:\Program Files\iWin Games
2008-04-09 22:36:21 0 d-------- C:\Program Files\Google
2008-03-16 01:37:42 364544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager>
2008-03-14 03:28:39 0 --a------ C:\Program Files\temp01


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
05/22/2008 08:54 AM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [05/22/2008 08:54 AM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [05/02/2003 06:46 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [03/20/2006 05:34 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]
"lphcc8lj0en9e"="C:\WINDOWS\system32\lphcc8lj0en9e.exe" [06/08/2008 01:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [04/03/2008 07:10 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Julie\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [12/8/2007 10:47:25 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"GreyMSIAds"=1 (0x1)
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 02/22/2007 01:47 PM 9216 C:\WINDOWS\SYSTEM32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Charter High-Speed Security Suite.lnk]
backup=C:\WINDOWS\pss\Charter High-Speed Security Suite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Card Companion Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk
backup=C:\WINDOWS\pss\Media Card Companion Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^updater.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=C:\Documents and Settings\Julie\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=C:\Documents and Settings\Julie\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=C:\Documents and Settings\Julie\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180ax]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdRoarUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dvx]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameComm]
"C:\Program Files\GameComm\GameComm"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PGStub.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pszghof]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qwqae]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmss]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vrmon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VrSchedule]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wast]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"Ventrilo"=2 (0x2)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NetSvc"=3 (0x3)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Diskeeper"=2 (0x2)
"Boonty Games"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3427fb6-f1a2-11dc-9644-000cf17d5fae}]
AutoRun\command- Z:\wd_windows_tools\WDEULA.exe




-- End of Deckard's System Scanner: finished at 2008-06-08 05:51:44 ------------


#2 Guest_Cretemonster_*

  • Guests

Posted 10 June 2008 - 06:17 AM

Hi and welcome to Bleeping Computer.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3 Aggressor
  • Topic Starter
  • Members
  • 7 posts

Posted 10 June 2008 - 03:06 PM

ComboFix 08-06-09.7 - Julie 2008-06-10 15:53:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.784 [GMT -5:00]
Running from: C:\Documents and Settings\Julie\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-08 05:45 . 2008-06-08 05:45 <DIR> d----c--- C:\Deckard
2008-06-08 04:39 . 2008-06-09 20:45 52,736 --a------ C:\WINDOWS\SYSTEM32\blphcc8lj0en9e.scr
2008-06-08 01:09 . 2008-06-08 01:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 01:09 . 2008-06-08 01:09 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Malwarebytes
2008-06-08 01:09 . 2008-06-08 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 01:09 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-08 01:09 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-08 01:08 . 2008-06-08 01:08 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-08 01:06 . 2008-06-08 01:44 <DIR> d-------- C:\Program Files\shca8lj0en9e
2008-06-08 01:06 . 2008-06-08 01:06 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\shca8lj0en9e
2008-06-08 01:06 . 2008-06-08 01:06 92,160 --a------ C:\WINDOWS\SYSTEM32\lphcc8lj0en9e.exe
2008-06-08 01:06 . 2008-06-09 20:45 90,838 --a------ C:\WINDOWS\SYSTEM32\phcc8lj0en9e.bmp
2008-06-07 13:42 . 2008-06-07 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-06-05 08:02 . 2008-06-05 08:02 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Gogii Games
2008-06-05 08:02 . 2008-06-05 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii Games
2008-06-03 09:24 . 2008-06-03 09:24 0 --a------ C:\WINDOWS\game.INI
2008-05-27 08:12 . 2008-05-27 08:12 <DIR> d-------- C:\Program Files\Neffy
2008-05-23 01:17 . 2008-05-23 01:17 <DIR> d-------- C:\Documents and Settings\Julie\_curSkin
2008-05-22 22:27 . 2008-05-22 22:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\_curSkin
2008-05-22 22:27 . 2008-05-22 23:30 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\GameComm
2008-05-22 22:20 . 2008-05-23 01:12 <DIR> d-------- C:\Program Files\GameComm
2008-05-22 11:27 . 2008-05-22 11:27 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Games
2008-05-22 10:08 . 2008-05-22 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-05-22 08:56 . 2008-06-08 04:35 2,011,168 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-05-22 08:56 . 2008-06-08 04:35 20,300 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-05-22 08:54 . 2008-05-22 08:54 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-05-22 08:52 . 2008-05-22 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-22 08:52 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-22 08:52 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2008-05-22 08:52 . 2008-05-22 08:55 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2008-05-22 08:51 . 2008-05-22 08:51 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-22 08:50 . 2008-06-10 01:15 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-22 01:02 . 2008-05-22 08:19 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\MysteryStudio
2008-05-16 21:23 . 2004-06-04 07:44 <DIR> d-------- C:\Documents and Settings\gjgj\Application Data\Symantec
2008-05-16 21:23 . 2004-06-04 07:39 <DIR> d-------- C:\Documents and Settings\gjgj\Application Data\Sonic
2008-05-16 21:23 . 2004-06-04 07:43 <DIR> d-------- C:\Documents and Settings\gjgj\Application Data\Jasc Software Inc
2008-05-16 21:23 . 2008-05-16 21:23 <DIR> d-------- C:\Documents and Settings\gjgj
2008-05-15 04:20 . 2008-05-15 04:20 80 --ah----- C:\WINDOWS\SYSTEM32\HsInfo.dat
2008-05-13 05:17 . 2008-05-13 05:17 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 05:46 --------- d-----w C:\Program Files\PokerStars.NET
2008-06-10 01:48 --------- d-----w C:\Program Files\Steam
2008-06-09 23:32 1,403,904 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-06-08 06:48 --------- d-----w C:\Program Files\Starcraft
2008-06-07 19:47 --------- d-----w C:\Program Files\Shockwave.com
2008-06-07 17:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 05:22 --------- d-----w C:\Program Files\Warcraft III
2008-06-06 14:02 --------- d-----w C:\Documents and Settings\Julie\Application Data\uTorrent
2008-06-05 11:53 --------- d-----w C:\Documents and Settings\Julie\Application Data\Flood Light Games
2008-06-05 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-06-03 07:19 --------- d-----w C:\Program Files\Nancy Drew
2008-05-26 03:06 --------- d-----w C:\Documents and Settings\Julie\Application Data\AdobeUM
2008-05-23 14:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 14:21 --------- d-----w C:\Program Files\Gravity
2008-05-23 06:28 --------- d-----w C:\Documents and Settings\Julie\Application Data\DNA
2008-05-23 06:11 3,525,120 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-23 06:11 1,369,088 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-19 15:33 --------- d-----w C:\Program Files\bfgclient
2008-05-18 16:47 --------- d-----w C:\Documents and Settings\Julie\Application Data\Hamachi
2008-05-17 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-13 11:11 101,552 -c--a-w C:\Documents and Settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
2008-05-13 10:17 --------- d-----w C:\Documents and Settings\Julie\Application Data\BitTorrent
2008-05-13 00:19 --------- d-----w C:\Program Files\Western Digital
2008-04-27 07:29 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-27 07:29 --------- d-----w C:\Program Files\Hamachi
2008-04-27 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Valve
2008-04-20 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 13:47 --------- d-----w C:\Program Files\Lavasoft
2008-04-20 13:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 13:52 --------- d-----w C:\Documents and Settings\Julie\Application Data\Ventrilo
2008-04-19 08:10 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-19 08:09 --------- d-----w C:\Documents and Settings\Julie\Application Data\AVG7
2008-04-17 12:37 --------- d-----w C:\Program Files\iWin.com
2008-04-17 12:31 --------- d-----w C:\Documents and Settings\Julie\Application Data\Restorer
2008-04-15 06:38 --------- d-----w C:\Program Files\Common Files\DirectX
2008-04-12 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-04-12 17:57 --------- d-----w C:\Program Files\iWin Games
2008-04-10 03:36 --------- d-----w C:\Program Files\Google
2008-04-03 02:07 1,086,952 ----a-w C:\WINDOWS\SYSTEM32\zpeng24.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-16 06:37 364,544 ----a-w C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
2008-03-14 08:28 0 ----a-w C:\Program Files\temp01
2008-01-01 20:29 22,328 ----a-w C:\Documents and Settings\Julie\Application Data\PnkBstrK.sys
2006-09-27 04:31 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-05-22 08:54 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-05-22 08:54 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-04-03 07:10 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 18:46 270336]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:34 213936]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"lphcc8lj0en9e"="C:\WINDOWS\system32\lphcc8lj0en9e.exe" [2008-06-08 01:06 92160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 03:48 53760 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\Julie\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-08 10:47:25 107520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"GreyMSIAds"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-02-22 13:47 9216 C:\WINDOWS\SYSTEM32\avgwlntf.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Charter High-Speed Security Suite.lnk]
backup=C:\WINDOWS\pss\Charter High-Speed Security Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Card Companion Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk
backup=C:\WINDOWS\pss\Media Card Companion Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=C:\Documents and Settings\Julie\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=C:\Documents and Settings\Julie\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=C:\Documents and Settings\Julie\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180ax]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdRoarUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-07 11:01 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dvx]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameComm]
C:\Program Files\GameComm\GameComm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2003-04-14 20:05 1498032 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a--c--- 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 01:07 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-17 01:07 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PGStub.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pszghof]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qwqae]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmss]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vrmon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VrSchedule]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wast]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"Ventrilo"=2 (0x2)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NetSvc"=3 (0x3)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Diskeeper"=2 (0x2)
"Boonty Games"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\World Editor.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"C:\\WINDOWS\\SYSTEM32\\dxdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Steam\\steamapps\\the_aggressor400\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Steam\\steamapps\\the_aggressor400\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:matthew
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"37499:TCP"= 37499:TCP:*:Disabled:SolidNetworkManager
"37499:UDP"= 37499:UDP:*:Disabled:SolidNetworkManager
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 iWinGamesInstaller;iWinGamesInstaller;C:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-03-05 07:49]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
S3 gtermddo;gtermddo;C:\DOCUME~1\Julie\LOCALS~1\Temp\gtermddo.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 12:31]
S4 AutoSyncService;Memeo AutoSync ;"C:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 17:28]
S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-03-30 15:02]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3427fb6-f1a2-11dc-9644-000cf17d5fae}]
\Shell\AutoRun\command - Z:\wd_windows_tools\WDEULA.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 01:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-10 05:45:27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{618BB76F-17BF-4D9D-8884-2B88CD3228E0}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 15:56:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-10 15:59:36
ComboFix-quarantined-files.txt 2008-06-10 20:59:28

Pre-Run: 9,419,378,688 bytes free
Post-Run: 9,400,233,984 bytes free

316 --- E O F --- 2008-05-28 08:56:38

------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:45 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\lphcc8lj0en9e.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lphcc8lj0en9e] C:\WINDOWS\system32\lphcc8lj0en9e.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Miss%20Teri%20Tale/Images/stg_drm.ocx
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.snickers.com/racing/wallpapers/image3.jpg

--
End of file - 7053 bytes

Thanks for your help.

Edited by Aggressor, 10 June 2008 - 03:08 PM.


#4 Guest_Cretemonster_*

  • Guests

Posted 11 June 2008 - 08:03 AM

If you will, upload these files to the site below:
http://www.uploadmalware.com

C:\WINDOWS\SYSTEM32\blphcc8lj0en9e.scr
C:\WINDOWS\SYSTEM32\lphcc8lj0en9e.exe
C:\WINDOWS\SYSTEM32\phcc8lj0en9e.bmp

List for me what's inside these folders, please.
C:\Program Files\shca8lj0en9e
C:\Documents and Settings\Julie\Application Data\shca8lj0en9e

If you don't use iWin Games, uninstall it.

Open HijackThis -> Click "Do a System Scan Only" and put a check by these, but DO NOT hit the Fix Checked button yet:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [lphcc8lj0en9e] C:\WINDOWS\system32\lphcc8lj0en9e.exe

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} () - http://69.56.176.227/webplugin.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button

Finally,follow the directions Here
to download,install and run SDFix in Safe Mode.

Once its completed,locate the log it generates and post it back here along with a fresh hijackthis log,please.

After that go ahead and run a online scan at the site below
http://www.pandasoftware.com/products/activescan.htm

It should also prompt to save a log,please do so and post it when completed.
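The three HijackThis entries singled out above share recognisable traits: a BHO whose DLL is gone from disk, a Run key launching a random-looking binary straight out of system32, and an ActiveX control fetched from a bare IP address. The script below is an added example, not code from HijackThis or from anyone in this thread; it parses O2/O4/O16 lines in the posted format and applies those checks so the reasoning behind the picks is explicit. The sample lines are copied from the logs in the thread; the tiny system32 allowlist and the "random-looking name" heuristic are assumptions of this example.

```python
"""Triage of HijackThis-style log lines (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: six lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [lphcc8lj0en9e] C:\WINDOWS\system32\lphcc8lj0en9e.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
"""

# Line grammars for the three entry types handled here.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")

# Executable launched directly out of %windir%\system32 (quoted or not).
SYSTEM32_RE = re.compile(r'^"?[A-Za-z]:\\windows\\system32\\(?P<file>[^\\"\s]+)', re.I)
IP_LITERAL_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumption: a minimal allowlist of Windows binaries legitimately started
# from system32 by a Run key; a real triage list would be much longer.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(filename: str) -> bool:
    """Heuristic (assumption): a long stem mixing letters and digits, like lphcc8lj0en9e."""
    stem = filename.rsplit(".", 1)[0]
    return (len(stem) >= 10
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def triage(log_text: str) -> list[Finding]:
    """Return the log lines that deserve a second look, each with its reason."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O2_RE.match(line)):
            # A BHO CLSID with no DLL on disk is left over from removed
            # software or malware: harmless now, but it should be cleaned up.
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding(line, "BHO registered but its DLL is missing (orphaned CLSID)"))
            continue
        if (m := O4_RE.match(line)):
            s = SYSTEM32_RE.match(m["cmd"])
            if s and s["file"].lower() not in KNOWN_SYSTEM32_AUTORUNS:
                reason = "autorun launches an unrecognised binary from system32"
                if looks_random(s["file"]):
                    reason += "; file name looks machine-generated"
                findings.append(Finding(line, reason))
            continue
        if (m := O16_RE.match(line)):
            host = urlparse(m["url"]).hostname or ""
            if IP_LITERAL_RE.match(host):
                findings.append(Finding(line, f"ActiveX control downloaded from bare IP address {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, the script reports exactly the three entries the helper asked to have fixed and stays silent on the Adobe BHO, the ZoneAlarm autorun and the named System Requirements Lab control. The allowlist approach is deliberate: anything starting from system32 that is not positively recognised is surfaced for a human to judge, rather than relying on a blocklist of known bad names.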

#5 Aggressor

  • Topic Starter
  • Members
  • 7 posts

Posted 11 June 2008 - 03:42 PM

I uploaded the files you told me to at http://www.uploadmalware.com

Inside of C:\Program Files\shca8lj0en9e is database.dat, license.txt, MFC71.dll, MFC71ENU.DLL, mcvcp71.dll, msvcr71.dll, shca8lj0en9e.exe.local, shca8lj0en9eSkin.dll, Uninstall.exe

Inside of C:\Documents and Settings\Julie\Application Data\shca8lj0en9e is another folder with "Quarantine" in it.

I figured out that iWin Games was spyware, and I'm going to remove it.

Also, there was no "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)" to remove, so I skipped that.


SDFix: Version 1.191
Run by Julie on Wed 06/11/2008 at 03:23 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 15:46:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"="C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Warcraft III\\World Editor.exe"="C:\\Program Files\\Warcraft III\\World Editor.exe:*:Enabled:Warcraft III World Editor"
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"="C:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"="C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\WINDOWS\\SYSTEM32\\dxdiag.exe"="C:\\WINDOWS\\SYSTEM32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\Steam\\steamapps\\the_aggressor400\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\the_aggressor400\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Messenger"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Steam\\steamapps\\the_aggressor400\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\the_aggressor400\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"="C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"="C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"="C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"="C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
"C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"="C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1155762009\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155762009\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Wed 18 Oct 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Sun 25 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 28 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 27 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT2.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT1.tmp"
Fri 6 Jun 2008 214,016 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Julie\LOCALS~1\Temp\~192.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:07 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files\steam\steam.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Miss%20Teri%20Tale/Images/stg_drm.ocx
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.snickers.com/racing/wallpapers/image3.jpg

--
End of file - 7023 bytes


And I'm working on the Panda scan right now.

Edited by Aggressor, 11 June 2008 - 06:10 PM.


#6 Aggressor

  • Topic Starter
  • Members
  • 7 posts

Posted 11 June 2008 - 06:08 PM

Took me hours to do this scan, but here it is:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-11 19:09:17
PROTECTIONS: 1
MALWARE: 14
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
7.5.441 7.5.441 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00047863 adware/ieplugin Adware No 0 Yes No c:\windows\kwv2.dat
00047993 adware/powerscan Adware No 0 Yes No hkey_local_machine\software\intrigue learning
00047993 adware/powerscan Adware No 0 Yes No c:\program files\intrigue learning
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\e56ngjy3.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\e56ngjy3.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Julie\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Julie\Desktop\New Folder\SmitfraudFix\Process.exe
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\e56ngjy3.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\e56ngjy3.default\cookies.txt[ad.yieldmanager.com/]
00521370 Spyware/Iehelp Spyware No 1 Yes No C:\Program Files\iWin Games\iWinGamesHookIE.dll
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Julie\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
02893775 Spyware/Iehelp Spyware No 1 Yes No C:\Program Files\iWin Games\firefox\iWinArcadeLauncher.exe
02910981 Adware/iWinArcade Adware No 0 Yes No C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\IWIN GAMES\DESKTOPALERTS\DESKTOPALERTS.EXE
02990320 Application/BoontyGames HackTools No 0 Yes No C:\PROGRAM FILES\COMMON FILES\BOONTY SHARED\SERVICE\BOONTY.EXE
03008451 Application/AdvancedXPFixer HackTools No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000010.dll
03008451 Application/AdvancedXPFixer HackTools No 0 Yes No C:\Program Files\shca8lj0en9e\shca8lj0en9eSkin.dll
03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\SYSTEM32\blphcc8lj0en9e.scr
03053495 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0001188.scr
03064986 Adware/MalwareAlarm Adware No 1 Yes No C:\WINDOWS\SYSTEM32\lphcc8lj0en9e.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

#7 Guest_Cretemonster_*

  • Guests

Posted 12 June 2008 - 01:06 AM

Go ahead and delete all these:

Files
C:\WINDOWS\SYSTEM32\blphcc8lj0en9e.scr
C:\WINDOWS\SYSTEM32\lphcc8lj0en9e.exe
C:\WINDOWS\SYSTEM32\phcc8lj0en9e.bmp
c:\windows\kwv2.dat

Folders
C:\Program Files\shca8lj0en9e
C:\Documents and Settings\Julie\Application Data\shca8lj0en9e
c:\program files\intrigue learning

After that reboot and scan fresh with ComboFix please and post the resulting log.

#8 Aggressor

  • Topic Starter
  • Members
  • 7 posts

Posted 12 June 2008 - 09:34 AM

ComboFix 08-06-09.7 - Julie 2008-06-12 10:22:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.886 [GMT -5:00]
Running from: C:\Documents and Settings\Julie\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-11 15:59 . 2008-06-11 15:59 <DIR> d-------- C:\Program Files\Panda Security
2008-06-11 15:18 . 2008-06-11 15:18 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-11 15:05 . 2008-06-11 15:06 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 14:37 . 2008-06-11 15:52 <DIR> d----c--- C:\SDFix
2008-06-08 05:45 . 2008-06-08 05:45 <DIR> d----c--- C:\Deckard
2008-06-08 01:09 . 2008-06-08 01:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 01:09 . 2008-06-08 01:09 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Malwarebytes
2008-06-08 01:09 . 2008-06-08 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 01:09 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-08 01:09 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-08 01:08 . 2008-06-08 01:08 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-07 13:42 . 2008-06-07 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-06-05 08:02 . 2008-06-05 08:02 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Gogii Games
2008-06-05 08:02 . 2008-06-05 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii Games
2008-06-03 09:24 . 2008-06-03 09:24 0 --a------ C:\WINDOWS\game.INI
2008-05-27 08:12 . 2008-05-27 08:12 <DIR> d-------- C:\Program Files\Neffy
2008-05-23 01:17 . 2008-05-23 01:17 <DIR> d-------- C:\Documents and Settings\Julie\_curSkin
2008-05-22 22:27 . 2008-05-22 22:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\_curSkin
2008-05-22 22:27 . 2008-05-22 23:30 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\GameComm
2008-05-22 22:20 . 2008-05-23 01:12 <DIR> d-------- C:\Program Files\GameComm
2008-05-22 11:27 . 2008-05-22 11:27 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Games
2008-05-22 10:08 . 2008-05-22 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-05-22 08:56 . 2008-06-12 10:06 2,199,584 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-05-22 08:56 . 2008-06-12 10:06 25,604 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-05-22 08:54 . 2008-05-22 08:54 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-05-22 08:52 . 2008-05-22 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-22 08:52 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-22 08:52 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2008-05-22 08:52 . 2008-05-22 08:55 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2008-05-22 08:51 . 2008-05-22 08:51 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-22 08:50 . 2008-06-12 10:25 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-22 01:02 . 2008-05-22 08:19 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\MysteryStudio
2008-05-16 21:23 . 2004-06-04 07:44 <DIR> d-------- C:\Documents and Settings\gjgj\Application Data\Symantec
2008-05-16 21:23 . 2004-06-04 07:39 <DIR> d-------- C:\Documents and Settings\gjgj\Application Data\Sonic
2008-05-16 21:23 . 2004-06-04 07:43 <DIR> d-------- C:\Documents and Settings\gjgj\Application Data\Jasc Software Inc
2008-05-16 21:23 . 2008-05-16 21:23 <DIR> d-------- C:\Documents and Settings\gjgj
2008-05-15 04:20 . 2008-05-15 04:20 80 --ah----- C:\WINDOWS\SYSTEM32\HsInfo.dat
2008-05-13 05:17 . 2008-05-13 05:17 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 15:18 --------- d-----w C:\Program Files\Steam
2008-06-12 14:52 1,451,520 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-06-12 04:26 --------- d-----w C:\Program Files\Warcraft III
2008-06-12 01:11 --------- d-----w C:\Program Files\Starcraft
2008-06-12 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\iWin Games
2008-06-11 19:23 101,552 -c--a-w C:\Documents and Settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
2008-06-11 00:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 00:20 --------- d-----w C:\Program Files\iWin.com
2008-06-10 05:46 --------- d-----w C:\Program Files\PokerStars.NET
2008-06-09 23:32 1,403,904 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-06-07 19:47 --------- d-----w C:\Program Files\Shockwave.com
2008-06-06 14:02 --------- d-----w C:\Documents and Settings\Julie\Application Data\uTorrent
2008-06-05 11:53 --------- d-----w C:\Documents and Settings\Julie\Application Data\Flood Light Games
2008-06-05 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-06-03 07:19 --------- d-----w C:\Program Files\Nancy Drew
2008-05-26 03:06 --------- d-----w C:\Documents and Settings\Julie\Application Data\AdobeUM
2008-05-23 14:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 14:21 --------- d-----w C:\Program Files\Gravity
2008-05-23 06:28 --------- d-----w C:\Documents and Settings\Julie\Application Data\DNA
2008-05-23 06:11 3,525,120 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-23 06:11 1,369,088 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-19 15:33 --------- d-----w C:\Program Files\bfgclient
2008-05-18 16:47 --------- d-----w C:\Documents and Settings\Julie\Application Data\Hamachi
2008-05-17 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-13 10:17 --------- d-----w C:\Documents and Settings\Julie\Application Data\BitTorrent
2008-05-13 00:19 --------- d-----w C:\Program Files\Western Digital
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-27 07:29 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-27 07:29 --------- d-----w C:\Program Files\Hamachi
2008-04-27 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Valve
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-04-20 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 13:47 --------- d-----w C:\Program Files\Lavasoft
2008-04-20 13:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-04-19 13:52 --------- d-----w C:\Documents and Settings\Julie\Application Data\Ventrilo
2008-04-19 08:10 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-19 08:09 --------- d-----w C:\Documents and Settings\Julie\Application Data\AVG7
2008-04-17 12:31 --------- d-----w C:\Documents and Settings\Julie\Application Data\Restorer
2008-04-15 06:38 --------- d-----w C:\Program Files\Common Files\DirectX
2008-04-14 11:01 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-04-14 11:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-12 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-04-03 02:07 1,086,952 ----a-w C:\WINDOWS\SYSTEM32\zpeng24.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-16 06:37 364,544 ----a-w C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
2008-03-14 08:28 0 ----a-w C:\Program Files\temp01
2008-01-01 20:29 22,328 ----a-w C:\Documents and Settings\Julie\Application Data\PnkBstrK.sys
2006-09-27 04:31 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_15.59.00.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-10 01:42:43 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-12 15:07:10 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-21 17:56:08 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 19:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\I386\bthport.sys
+ 2008-06-11 07:07:53 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-11 20:19:06 22,958,080 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-06-11 20:19:06 360,448 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-11 07:07:53 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-11 20:18:43 22,958,080 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-06-11 20:18:44 360,448 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 23:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 -c--a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 -c--a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
- 2008-03-01 23:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-04-24 03:16:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2006-10-16 21:10:58 14,640 -c----w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-05-22 08:54 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-05-22 08:54 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-04-03 07:10 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 18:46 270336]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:34 213936]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 03:48 53760 C:\WINDOWS\SYSTEM32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"GreyMSIAds"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-02-22 13:47 9216 C:\WINDOWS\SYSTEM32\avgwlntf.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Charter High-Speed Security Suite.lnk]
backup=C:\WINDOWS\pss\Charter High-Speed Security Suite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Card Companion Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk
backup=C:\WINDOWS\pss\Media Card Companion Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=C:\Documents and Settings\Julie\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=C:\Documents and Settings\Julie\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Julie^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=C:\Documents and Settings\Julie\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\180ax]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdRoarUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-07 11:01 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dvx]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameComm]
C:\Program Files\GameComm\GameComm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2003-04-14 20:05 1498032 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a--c--- 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 01:07 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-17 01:07 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PGStub.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pszghof]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qwqae]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmss]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vrmon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VrSchedule]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wast]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"Ventrilo"=2 (0x2)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NetSvc"=3 (0x3)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Diskeeper"=2 (0x2)
"Boonty Games"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AVGFwSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\World Editor.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"C:\\WINDOWS\\SYSTEM32\\dxdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Steam\\steamapps\\the_aggressor400\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Steam\\steamapps\\the_aggressor400\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:matthew
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"37499:TCP"= 37499:TCP:*:Disabled:SolidNetworkManager
"37499:UDP"= 37499:UDP:*:Disabled:SolidNetworkManager
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
S3 gtermddo;gtermddo;C:\DOCUME~1\Julie\LOCALS~1\Temp\gtermddo.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 12:31]
S4 AutoSyncService;Memeo AutoSync ;"C:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 17:28]
S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-03-30 15:02]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3427fb6-f1a2-11dc-9644-000cf17d5fae}]
\Shell\AutoRun\command - Z:\wd_windows_tools\WDEULA.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 01:25:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-12 15:22:11 C:\WINDOWS\Tasks\User_Feed_Synchronization-{618BB76F-17BF-4D9D-8884-2B88CD3228E0}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 10:26:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-12 10:29:38
ComboFix-quarantined-files.txt 2008-06-12 15:29:14
ComboFix2.txt 2008-06-10 20:59:37

Pre-Run: 8,760,135,680 bytes free
Post-Run: 8,740,003,840 bytes free

473 --- E O F --- 2008-06-11 20:09:23

#9 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 12 June 2008 - 02:04 PM

Go ahead and delete this folder--> C:\Program Files\iWin.com

How does the PC seem to be acting today?

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#10 Aggressor

Aggressor
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:06:46 PM

Posted 12 June 2008 - 07:03 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 12, 2008 17:37:42
Records in database: 856812
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 78478
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:17:54


File name / Threat name / Threats count
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001893.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g 1

The selected area was scanned.

#11 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 13 June 2008 - 05:27 AM

You need to reset System Restore and Clear out all the old infected restore points.
  • Click Start
  • Right-Click "My Computer" and Select Properties.
  • Click on the "System Restore" tab.
  • Place a checkmark in the box for "Turn off System Restore" and Click "Apply."
  • Restart the Computer.
  • Return to System Restore and Uncheck the box for "Turn off System Restore" and Click "Apply."
  • A fresh Restore Point will be created.
Take the time to look through Add\Remove Programs and get rid of anything you don't use and are sure you can live without, and keep all current applications up to date and fully patched.

Secunia has a good check for such things
http://secunia.com/software_inspector/


So, how is the PC running today?
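As an added example (editor's code, not part of this thread and not from ComboFix, Deckard's System Scanner or Kaspersky): a small Python script that reads the ComboFix registry dump posted above and the Kaspersky report in #10 line by line and lists the entries a helper looks at first. The rules are my own assumptions: the Windows Firewall switched off for the standard profile (in this log that is explained by the ZoneAlarm entries, so the rule is a check for a human to confirm, not a verdict), globally open ports that are not marked Disabled, R*/S* driver entries loading from a temp directory or logged with an empty [] timestamp (the gtermddo.sys line above), AutoRun commands registered for a mounted volume, and Kaspersky hits inside System Volume Information\_restore, which is exactly the case the System Restore reset in this post addresses. The sample lines are copied from the logs posted above and are not a complete log.

```python
"""Triage helper for the scanner output posted in this thread (added example).

Rules are the editor's own heuristics (assumptions); sample lines are copied
from the ComboFix log and the Kaspersky report posted in the thread.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, rule name, offending log line)

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(\d+):(TCP|UDP):(.*)$')
DRIVER_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
KAV_RE = re.compile(r"^(.+?)\s+Infected:\s+(\S+)\s+(\d+)$")

# Locations a kernel driver should not load from (assumption: a short list of
# user-writable temp directories, not an exhaustive one).
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")
RESTORE_MARKER = "\\system volume information\\_restore"

# Constructed excerpt: lines copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:matthew
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
S3 gtermddo;gtermddo;C:\DOCUME~1\Julie\LOCALS~1\Temp\gtermddo.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 12:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3427fb6-f1a2-11dc-9644-000cf17d5fae}]
\Shell\AutoRun\command - Z:\wd_windows_tools\WDEULA.exe
"""

# Constructed excerpt: lines copied from the Kaspersky report in post #10.
SAMPLE_KAV_REPORT = r"""
File name / Threat name / Threats count
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001893.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g 1

The selected area was scanned.
"""


def is_temp_path(path: str) -> bool:
    """True if the (possibly quoted) path sits under a temp directory."""
    lowered = path.strip('"').lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def triage(text: str) -> List[Finding]:
    """Scan log text line by line and return the findings in file order."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()  # remember which registry key we are in
            continue
        # Rule 1: Windows Firewall switched off for the standard (non-domain) profile.
        if section.endswith("firewallpolicy\\standardprofile") and line.startswith('"EnableFirewall"='):
            if line.split("=", 1)[1].strip().startswith("0"):
                findings.append(("high", "windows-firewall-disabled", line))
            continue
        # Rule 2: globally open inbound ports that are not marked Disabled.
        m = PORT_RE.match(line)
        if m and "globallyopenports" in section:
            if ":Disabled:" not in m.group(5):
                findings.append(("medium", "open-inbound-port", line))
            continue
        # Rule 3: R*/S* driver entries loading from a temp directory, or logged
        # with an empty "[]" timestamp.
        m = DRIVER_RE.match(line)
        if m:
            path, stamp = m.group(5), m.group(6)
            if is_temp_path(path):
                findings.append(("high", "driver-in-temp-dir", line))
            if not stamp.strip():
                findings.append(("medium", "driver-no-timestamp", line))
            continue
        # Rule 4: an AutoRun command registered for a mounted volume.
        if line.lower().startswith("\\shell\\autorun\\command"):
            findings.append(("low", "volume-autorun-command", line))
            continue
        # Rule 5: Kaspersky "Infected:" lines; a hit inside a restore point is
        # cleared by the System Restore reset rather than by deleting the file.
        m = KAV_RE.match(line)
        if m:
            in_restore = RESTORE_MARKER in m.group(1).lower()
            rule = "infected-restore-point" if in_restore else "infected-file"
            findings.append(("medium" if in_restore else "high", rule, line))
    return findings


def count_by_rule(findings: List[Finding]) -> Dict[str, int]:
    """Summarise findings as {rule name: number of hits}."""
    counts: Dict[str, int] = {}
    for _, rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, rule, line in triage(SAMPLE_LOG) + triage(SAMPLE_KAV_REPORT):
        print(f"[{sev:6}] {rule:24} {line}")
```

Each finding is a pointer to a line a human should read, not a removal instruction: the disabled Windows Firewall is expected when a third-party firewall such as ZoneAlarm is installed, and an open port named after a game is normal on a gaming PC, whereas a driver registered from a user's Temp folder with no timestamp is the kind of entry that justifies the further scans requested in this thread.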

#12 Aggressor

Aggressor
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE

Posted 13 June 2008 - 09:39 AM

I removed the programs I didn't want anymore, and updated all my applications using secunia. My computer is running like brand new. Thanks for your help :thumbsup:

#13 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 15 June 2008 - 06:22 AM

That is good news indeed! :thumbsup:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Windows, Internet Explorer and Microsoft Office Updates

Visit Microsoft's Windows Update Site frequently. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

If you are running Microsoft Office, or any application of it, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed.

If you have trouble with Windows Update, you still can get all the Critical Updates, Security Fixes and Service Packs. Below are a few links to bookmark.

Microsoft Security Bulletins
http://www.microsoft.com/technet/security/current.aspx

Office downloads
http://office.microsoft.com/en-us/officeupdate/default.aspx

Download Center
http://www.microsoft.com/downloads/search.aspx

Microsoft Security Advisories
http://www.microsoft.com/technet/security/...ry/default.mspx

Recently Published
http://www.microsoft.com/technet/security/...nt/default.mspx

Programs that may help you in keeping the PC clean

ERUNT(The Emergency Recovery Utility for NT) can be found Here or Here
  • You can use this utility as a primary registry backup utility, apart from System Restore.
  • Two methods of registry backup (System Restore and using ERUNT) are often recommended.
  • Detailed usage can be found Here
It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online & their stand-alone antivirus programs.
Computer Safety On line - Anti-Virus
http://forum.malwareremoval.com/viewtopic.php?p=53#53

Update your Anti Virus Software

It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall

I can not stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below.
Computer Safety On line - Software Firewalls
http://forum.malwareremoval.com/viewtopic.php?p=56#56
A tutorial on Understanding and Using Firewalls can be found here

Additional Information

For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link.

A very nice collection of tutorials is available at Bleeping Computer
http://www.bleepingcomputer.com/tutorials/

Finally, after following up on all these recommendations, run Jason Levine's Browser Security Tests.
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
http://www.jasons-toolbox.com/BrowserSecurity/

Other Security checks and more sites relating to computer security are listed below, take the time to visit these when you have time.
Symantec Security Check
Gibson Research Corporation Home Page (Look for the Hot Spots Section)
McAfee SiteAdvisor
LinkScanner
GFI Email Security Testing Zone



