Redirected Search Results And Possible Trojans


  • This topic is locked
16 replies to this topic

#1 sa000 (Members, 53 posts)

Posted 24 June 2008 - 01:55 PM

Every time I search something in Google or Yahoo or any other search engine I get redirected to a different random site. This happens when I click a site that is given by the search engine; for example, if I type "national basketball association" and the first site is nba.com and I click that, I get redirected. I have used Search & Destroy, SUPERAntiSpyware, Ad-Aware, avast! antivirus, and AVG 7.5 and I still have the problems. Also I have noticed that avast! and AVG have detected some Trojans, and although they are removed I am not sure if they are completely removed. I really need someone to help me because I am scared my computer will not work any more. I hope I explained the situation clearly for you to understand. Please, please help me. Below is my HijackThis file.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-24 14:44:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
80: 2008-06-24 15:33:20 UTC - RP80 - Deckard's System Scanner Restore Point
79: 2008-06-24 02:32:11 UTC - RP79 - Installed Ad-Aware
78: 2008-06-23 23:02:06 UTC - RP78 - Software Distribution Service 3.0
77: 2008-06-23 05:52:46 UTC - RP77 - System Checkpoint
76: 2008-06-22 05:20:05 UTC - RP76 - System Checkpoint


-- First Restore Point --
1: 2008-05-25 17:37:35 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-24 14:49:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Stardock\sdmcp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\Owner\Desktop\s\dss.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac} - C:\Documents and Settings\All Users\Application Data\apienact\SetChk.dll
O2 - BHO: (no name) - {1f32aad1-d096-6ca3-52aa-0193a6d98d71} - C:\Documents and Settings\All Users\Application Data\chkcomsh\MntShApl.dll
O2 - BHO: (no name) - {217af9d5-f0d2-f65b-7310-0a00c26e0a38} - C:\WINDOWS\TEMP\UiComApp.dll (file missing)
O2 - BHO: (no name) - {3e318ed4-977b-2c72-d4a5-07d2dcd34b0e} - C:\Documents and Settings\All Users\Application Data\utilweb\smartapi.dll
O2 - BHO: (no name) - {44686E82-F03F-8EE0-1C16-828DBE26D3B9} - (no file)
O2 - BHO: {bd468865-5068-d5eb-2f04-d234ad23dd19} - {91dd32da-432d-40f2-be5d-8605568864db} - (no file)
O2 - BHO: (no name) - {98913570-bd03-4c98-bfc5-7eccef1e0f94} - C:\WINDOWS\system32\efcASjkK.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Resources\ISSO\Software\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [Isso Reloader] C:\WINDOWS\resources\ISSO\Tools\sysfupw.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViOrb] C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\WINDOWS\resources\ISSO\Software\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: https://ameritrade.com (HKCU)
O15 - Trusted Zone: https://tdameritrade.com (HKCU)
O16 - DPF: Yahoo! Checkers () - http://origin.games.yahoo.net/games/clients/y/kt4_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung....can8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {89A9F739-8F34-40E1-BCD3-62BABEAD3C6F} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: jkkKeeba - C:\WINDOWS\system32\jkkKeeba.dll (file missing)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: msgsys - {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSVC - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe


--
End of file - 14257 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 SSFS0BB9 (Spy Sweeper File System Filer Driver: 0BB9) - c:\windows\system32\drivers\ssfs0bb9.sys (file missing)
S0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys (file missing)
S0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys (file missing)
S3 catchme - c:\windows\temp\catchme.sys (file missing)
S3 nocashio - c:\windows\system32\drivers\nocashio.sys
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
S4 WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "c:\program files\webroot\spy sweeper\spysweeper.exe" (file missing)
S4 wwEngineSvc (Window Washer Engine) - c:\program files\webroot\washer\washersvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-24 14:50:00 418 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{48FE07AC-F546-4FF3-B37D-DEC3FBAC83D7}.job
2008-06-20 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 14:43:43 0 d-------- C:\Program Files\Trend Micro
2008-06-23 22:32:15 0 d-------- C:\Program Files\Lavasoft
2008-06-23 22:32:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 16:16:13 0 d-------- C:\Documents and Settings\Owner\Application Data\ViStart
2008-06-21 16:16:12 0 d-------- C:\Program Files\ViStart
2008-06-21 15:38:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Real Desktop
2008-06-21 13:53:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Consultia
2008-06-21 13:53:02 0 d-------- C:\Program Files\CubeDesktop
2008-06-21 00:41:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Thinking Minds Budiling Bytes
2008-06-20 13:34:38 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-20 13:34:38 35382 --a------ C:\WINDOWS\scunin.dat
2008-06-20 13:34:37 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-17 19:18:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Styler
2008-06-17 11:58:11 0 d-------- C:\Program Files\VistaExperience.org
2008-06-17 11:57:07 0 d-------- C:\Program Files\Windows Sidebar
2008-06-17 11:56:24 0 d-------- C:\Program Files\Alky for Applications
2008-06-17 11:55:38 0 d-------- C:\WINDOWS\l2schemas
2008-06-17 11:53:56 0 d-------- C:\Program Files\Styler
2008-06-17 11:11:10 0 d-------- C:\Program Files\Shock Utility
2008-06-15 13:33:27 0 d-------- C:\Program Files\Roxio
2008-06-15 11:22:46 9060352 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-06-13 11:15:59 0 d--hs---- C:\Documents and Settings\Owner\Recent
2008-06-09 10:17:15 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-09 10:14:15 0 d-------- C:\Program Files\Microsoft Games
2008-06-08 23:04:25 0 d-------- C:\Program Files\SopCast
2008-06-07 16:59:06 0 d-------- C:\Program Files\mIRC
2008-06-07 16:59:06 0 d-------- C:\Documents and Settings\Owner\Application Data\mIRC
2008-06-07 13:32:02 0 d-------- C:\Program Files\AVI MPEG RM WMV Splitter
2008-06-07 13:27:51 0 d-------- C:\Program Files\avisplit
2008-06-07 13:15:22 0 d-------- C:\Program Files\AC3Filter
2008-06-07 12:37:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-07 12:36:53 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-01 22:21:20 0 d-------- C:\Program Files\Videopot
2008-06-01 22:13:24 0 d-------- C:\Program Files\DAUM
2008-06-01 22:02:14 0 d-------- C:\Documents and Settings\Owner\Application Data\VimViewer
2008-06-01 22:01:49 0 d-------- C:\Documents and Settings\Owner\Application Data\VimCaster
2008-06-01 22:01:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Log
2008-06-01 22:00:10 0 d-------- C:\Program Files\PANDORA.TV
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-27 17:47:48 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-05-27 17:47:47 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-05-27 17:47:47 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-05-27 17:47:47 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-05-27 17:47:46 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-05-27 17:47:42 0 d-------- C:\Program Files\VSO
2008-05-27 17:24:12 0 d-------- C:\Program Files\DVD Shrink
2008-05-27 16:33:40 0 d-------- C:\WINDOWS\ERUNT
2008-05-26 16:21:33 0 d-------- C:\Documents and Settings\All Users\Application Data\ActSetMnt
2008-05-26 16:21:30 0 d-------- C:\Documents and Settings\All Users\Application Data\chkcomsh
2008-05-26 13:55:26 2190 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-26 13:55:00 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-26 13:55:00 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-26 13:55:00 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-26 13:55:00 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-26 13:55:00 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-26 13:55:00 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-26 13:55:00 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-26 13:55:00 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-26 13:43:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-26 12:46:49 0 d-------- C:\Documents and Settings\All Users\Application Data\apiprocutil
2008-05-26 12:46:46 0 d-------- C:\Documents and Settings\All Users\Application Data\genen
2008-05-26 08:35:11 0 d-------- C:\Documents and Settings\All Users\Application Data\EnUi
2008-05-26 08:35:09 0 d-------- C:\Documents and Settings\All Users\Application Data\apienact
2008-05-25 21:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\actsyscmd
2008-05-25 21:56:34 0 d-------- C:\Documents and Settings\All Users\Application Data\dscdb
2008-05-25 21:56:29 98304 --a------ C:\WINDOWS\system32\otgzqfuf.exe
2008-05-25 18:03:19 0 d-------- C:\Documents and Settings\All Users\Application Data\ChkDscApp
2008-05-25 18:03:17 0 d-------- C:\Documents and Settings\All Users\Application Data\utilweb
2008-05-25 18:03:13 98304 --a------ C:\WINDOWS\system32\grelodov.exe
2008-05-25 16:51:20 0 d-------- C:\Documents and Settings\All Users\Application Data\AppChkAct
2008-05-25 16:48:23 0 d-------- C:\Program Files\PC-Cleaner
2008-05-25 13:37:24 900530 --ahs---- C:\WINDOWS\system32\KkjSAcfe.ini2
2008-05-25 13:34:41 0 d-------- C:\Program Files\hfkan
2008-05-25 13:34:36 0 d-------- C:\Documents and Settings\All Users\Application Data\xidohedw
2008-05-25 13:34:34 94208 --a------ C:\WINDOWS\system32\fstyvkje.exe
2008-05-25 13:33:05 221184 --a------ C:\WINDOWS\system32\nvrsma.dll
2008-05-25 13:33:01 93696 --a------ C:\WINDOWS\system32\ntpl.bin
2008-05-25 11:12:35 0 d-------- C:\AoneSoftOutput
2008-05-25 11:08:19 0 d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter


-- Find3M Report ---------------------------------------------------------------

2008-06-24 11:30:32 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-06-24 11:17:19 0 d-------- C:\Program Files\Starcraft
2008-06-23 23:49:08 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-23 22:31:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 23:29:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-17 12:09:02 0 d-------- C:\Program Files\Windows NT
2008-06-17 12:09:01 0 d-------- C:\Program Files\Movie Maker
2008-06-17 11:45:35 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-15 00:38:26 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-15 00:38:11 0 d-------- C:\Program Files\Common Files
2008-06-07 13:06:45 0 d-------- C:\Program Files\DivX
2008-06-07 12:38:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-06-06 13:51:53 668 --a------ C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
2008-06-06 13:51:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2008-05-28 19:05:47 0 d-------- C:\Program Files\Opera
2008-05-27 17:48:05 34 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2008-05-27 17:48:00 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 17:48:00 1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2008-05-27 17:48:00 7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2008-05-26 08:34:31 0 d-------- C:\Program Files\LogMeIn
2008-05-25 13:37:04 0 d-------- C:\Program Files\Nero
2008-05-25 13:33:07 523264 --a------ C:\WINDOWS\system32\user32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-23 21:50:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-22 21:13:55 0 d-------- C:\Program Files\NBX Audio Converter
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 14:44:14 0 d-------- C:\Program Files\Common Files\NSV
2008-05-12 17:47:02 0 d-------- C:\Program Files\RK Launcher
2008-05-12 17:42:26 0 d-------- C:\Program Files\SlySoft
2008-05-10 23:27:43 0 d-------- C:\Program Files\Messenger
2008-05-10 23:23:58 0 d-------- C:\Program Files\QuickTime
2008-05-10 23:08:44 0 d-------- C:\Program Files\RocketDock
2008-05-09 16:16:07 0 -r-hs---- C:\config.sys
2008-05-08 20:48:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-08 19:46:06 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-07 20:51:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Obsidium
2008-05-07 20:50:24 0 d-------- C:\Program Files\NetIntellGames
2008-05-07 20:32:21 0 d-------- C:\Documents and Settings\Owner\Application Data\HTML Executable
2008-05-07 01:18:48 1531904 --a------ C:\WINDOWS\system32\quartz.dll
2008-05-06 18:59:10 0 d-------- C:\Program Files\MagicDisc
2008-05-06 06:10:33 0 d-------- C:\Program Files\Alex Feinman
2008-05-05 21:20:55 0 d-------- C:\Program Files\UltraISO
2008-05-05 21:20:49 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-05-05 21:16:39 0 d-------- C:\Program Files\MagicISO
2008-05-03 23:27:00 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-05-03 23:26:16 0 d-------- C:\Program Files\iTunes
2008-05-03 23:25:58 0 d-------- C:\Program Files\iPod
2008-05-03 23:25:22 0 d-------- C:\Program Files\Bonjour
2008-05-03 23:22:51 0 d-------- C:\Program Files\Apple Software Update
2008-05-03 23:21:59 0 d-------- C:\Program Files\Common Files\Apple
2008-05-03 20:15:56 0 d-------- C:\Program Files\Free Online FLV Converter
2008-04-28 16:43:49 0 d-------- C:\Program Files\PeerGuardian2
2008-04-28 16:42:54 0 d-------- C:\Program Files\Yahoo!
2008-04-28 16:41:03 0 d-------- C:\Program Files\Sophos
2008-04-28 16:39:12 0 d-------- C:\Program Files\Maxthon2
2008-04-28 16:38:56 0 d-------- C:\Program Files\Mgutil
2008-04-28 16:37:13 0 d-------- C:\Program Files\HotkeyHelper
2008-04-27 19:31:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-27 08:56:57 827 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2008-04-27 00:17:08 0 d-------- C:\Program Files\Enigma Software Group
2008-04-26 21:59:45 0 d-------- C:\Program Files\Oberon Media
2008-04-26 21:10:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-25 17:47:26 0 d-------- C:\Program Files\Zone.com Deluxe Games
2008-04-19 21:35:17 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-10 21:54:34 1714 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac}]
05/26/2008 08:35 AM 55808 --a------ C:\Documents and Settings\All Users\Application Data\apienact\SetChk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f32aad1-d096-6ca3-52aa-0193a6d98d71}]
05/26/2008 04:21 PM 58880 --a------ C:\Documents and Settings\All Users\Application Data\chkcomsh\MntShApl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{217af9d5-f0d2-f65b-7310-0a00c26e0a38}]
C:\WINDOWS\TEMP\UiComApp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3e318ed4-977b-2c72-d4a5-07d2dcd34b0e}]
05/25/2008 06:03 PM 58880 --a------ C:\Documents and Settings\All Users\Application Data\utilweb\smartapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44686E82-F03F-8EE0-1C16-828DBE26D3B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91dd32da-432d-40f2-be5d-8605568864db}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98913570-bd03-4c98-bfc5-7eccef1e0f94}]
C:\WINDOWS\system32\efcASjkK.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 06:55 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"c0.exe"="C:\aidualc3\c0.exe" [07/29/2007 03:48 PM]
"Vistadrv"="C:\WINDOWS\Resources\ISSO\Software\VIPhd\vsdrv.exe" [07/30/2006 01:37 AM]
"Isso Reloader"="C:\WINDOWS\resources\ISSO\Tools\sysfupw.exe" [03/26/2008 05:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/01/2008 01:48 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM]
"ViOrb"="C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe" [11/19/2007 12:01 PM]
"VisualTaskTips"="C:\WINDOWS\resources\ISSO\Software\VisualTaskTips\VisualTaskTips.exe" [02/19/2008 06:13 AM]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [12/02/2007 09:58 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgsys"= {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll [05/25/2008 01:34 PM 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba]
jkkKeeba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 08/25/2003 11:25 AM 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcASjkK

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Konfabulator.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Konfabulator.lnk
backup=C:\WINDOWS\pss\Konfabulator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CubeDesktop]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlmMgr]
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1130177598\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyTray.exe]
C:\Program Files\HotkeyHelper\HotkeyTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
"C:\Program Files\LClock\lclock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mojo]
C:\Program Files\MojoSidekick\mojo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"C:\Program Files\PowerISO\PWRISOVM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pzcdpkzh]
C:\WINDOWS\system32\pmnmzgtq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
"C:\Program Files\Real Desktop\Real Desktop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shock4Way3D]
C:\Program Files\Shock Utility\Shock4Way3D\Shock4Way3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkldxkbe]
"C:\Program Files\Common Files\W?nSxS\j?vaw.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpuwblgd]
C:\WINDOWS\system32\ibkhehmx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UPNP]
C:\WINDOWS\system32\upnpsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
"C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"C:\Program Files\Webroot\Washer\wwDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xuqhdski]
C:\WINDOWS\system32\zczchcly.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
C:\Documents and Settings\Owner\Desktop\s\Yodm3D\Yodm3D\Yodm3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"WinDefend"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82bf5243-27da-11da-af16-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c80c74e6-b00e-11dc-aff1-0013204862d4}]
AutoRun\command- J:\Autorun.exe /run
Shell00\Command- J:\Autorun.exe /run
Shell01\Command- J:\Autorun.exe /action
Shell02\Command- J:\Autorun.exe /uninstall

*Newly Created Service* - AAWSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"C:\Program Files\Windows Sidebar\sidebar.exe /RegServer"



-- End of Deckard's System Scanner: finished at 2008-06-24 14:51:32 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.80GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1262.73 MiB / 650.14 MiB
Pagefile Memory (total/avail): 5213.51 MiB / 4545.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1876.31 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.36 GiB total, 15.12 GiB free.
D: is Fixed (FAT32) - 3.16 GiB total, 1.13 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is CDROM (No Media)
H: is Removable (FAT)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 71.36 GiB - C:
\PARTITION1 - Unknown - 3.16 GiB - D:

\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 478.5 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 483.7 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallOverride is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: avast! antivirus 4.8.1201 [VPS 080624-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win1426.tmp.exe"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win1426.tmp.exe:*:Enabled:win1426.tmp"
"C:\\WINDOWS\\system32\\omybhayo.exe"="C:\\WINDOWS\\system32\\omy"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Bit Lord 1.1\\BitLord.exe"="C:\\Program Files\\Bit Lord 1.1\\BitLord.exe:*:Enabled:BitLord"
"C:\\Documents and Settings\\Owner\\Application Data\\U3\\0000187DA571D474\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"="C:\\Documents and Settings\\Owner\\Application Data\\U3\\0000187DA571D474\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe:*:Enabled:Skype"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Documents and Settings\\Owner\\Desktop\\sa\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Desktop\\sa\\utorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Starcraft\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Documents and Settings\\Owner\\My Documents\\Downloads\\[PC] NBA LIVE 08 [ENG] [dopeman]\\NB08\\NBA 08\\nbalive08.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Downloads\\[PC] NBA LIVE 08 [ENG] [dopeman]\\NB08\\NBA 08\\nbalive08.exe:*:Enabled:NBA LIVE 08"
"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe:*:Enabled:Spy Sweeper"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\NetIntellGames\\Net Chess 6\\chess.exe"="C:\\Program Files\\NetIntellGames\\Net Chess 6\\chess.exe:*:Enabled:Net Chess"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\PANDORA.TV\\Live\\Live.exe"="C:\\Program Files\\PANDORA.TV\\Live\\Live.exe:*:Enabled:Live.exe"
"C:\\Program Files\\PANDORA.TV\\Live\\PANDORATVLive.exe"="C:\\Program Files\\PANDORA.TV\\Live\\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe"
"C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\LiveRelay.exe"="C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\LiveRelay.exe:*:Enabled:C:\\Program Files\\Pandora.TV\\Live\\Viewer\\LiveRelay.exe"
"C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\VimViewer.dll"="C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\VimViewer.dll:*:Enabled:C:\\Program Files\\Pandora.TV\\Live\\Viewer\\VimViewer.dll"
"C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe"="C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe:*:Enabled:VideoPot"
"C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe"="C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe:*:Enabled:Daum ?????"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"


-- Environment Variables -------------------------------------------------------

ALKY=C:\Program Files\Alky for Applications\Libraries\
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KHAIRUL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\KHAIRUL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Alky for Applications\Libraries\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
USERDOMAIN=KHAIRUL
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
LogMeInRemoteUser (admin)
LogMeInRemoteUser.YOUR-E358B65523 (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIMTunes --> C:\Program Files\AIMTunes\Uninstall.exe
Alky for Applications (Windows XP) --> MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI DivX to DVD SVCD VCD Converter 2.2.2 --> "C:\Program Files\AVI DivX to DVD SVCD VCD Converter\unins000.exe"
AVI Splitter --> "C:\Program Files\avisplit\unins000.exe"
AVI/MPEG/RM/WMV Splitter 4.28 --> "C:\Program Files\AVI MPEG RM WMV Splitter\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Camtasia Studio 5 --> MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 3.0.0.1 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
CubeDesktop --> "C:\Program Files\CubeDesktop\Uninstall.exe"
Daum Ă╠ă├Ě╣└╠żţ --> "C:\Program Files\DAUM\PotPlayer\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
FoxyTunes for Firefox --> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Online FLV Converter --> "C:\Program Files\Free Online FLV Converter\unins000.exe"
Gadget Installer --> MsiExec.exe /I{3F3733A5-8322-454D-A638-3B74E1C83752}
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
iColorFolder --> C:\WINDOWS\resources\ISSO\Software\iColorFolder\uninstall.exe
ISO Recorder --> MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
Isso Pack 4.4 --> C:\WINDOWS\resources\ISSO\Uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
NBX Audio Converter v2 --> "C:\Program Files\NBX Audio Converter\unins000.exe"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Net Chess 6 --> C:\Program Files\NetIntellGames\Net Chess 6\uninstall.exe
ObjectDock Plus --> C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
Opera 9.27 --> MsiExec.exe /X{04DB4871-BC1D-44BF-AADB-47326365EB8C}
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
PANDORATV LIVE --> "C:\Program Files\PANDORA.TV\Live\unins000.exe"
PE Builder 3.1.10a --> "c:\pebuilder3110a\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RK Launcher 0.41 Leopard --> C:\Program Files\RK Launcher\uninstall.exe
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
Roxio DVDit Pro HD --> MsiExec.exe /I{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shock 4Way 3D v1.21 --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Shock Utility\Shock4Way3D\IFU11F.inf
Shock 4Way 3D v1.25 --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Shock Utility\Shock4Way3D\IFU15E.inf
SopCast 3.0.3 --> C:\Program Files\SopCast\uninst.exe
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Stardock Central --> C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Styler --> MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Ubuntu --> C:\ubuntu\Uninstall-Ubuntu.exe
UltraISO Premium V9.0 --> "C:\Program Files\UltraISO\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Window Washer --> C:\WINDOWS\Unwash6.exe
XVid;-) --> C:\Program Files\XVid;-)\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type22020 / Error
Event Submitted/Written: 06/21/2008 11:33:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x00a71312.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type22013 / Error
Event Submitted/Written: 06/21/2008 03:13:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type22000 / Error
Event Submitted/Written: 06/21/2008 00:30:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application opera.exe, version 9.27.8841.0, faulting module unknown, version 0.0.0.0, fault address 0x0821e0c6.
Processing media-specific event for [opera.exe!ws!]

Event Record #/Type21929 / Error
Event Submitted/Written: 06/17/2008 05:10:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sidebar.exe, version 6.0.6000.16386, faulting module vcomctl32.dll, version 0.0.0.0, fault address 0x00001213.
Processing media-specific event for [sidebar.exe!ws!]

Event Record #/Type21876 / Error
Event Submitted/Written: 06/16/2008 01:00:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x6295b4a7.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type54 / Warning
Event Submitted/Written: 06/24/2008 10:47:23 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type50 / Warning
Event Submitted/Written: 06/24/2008 05:14:53 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type46 / Warning
Event Submitted/Written: 06/24/2008 01:36:22 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type42 / Warning
Event Submitted/Written: 06/23/2008 11:47:08 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type33 / Warning
Event Submitted/Written: 06/23/2008 09:51:51 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-06-24 14:51:32 ------------


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:22 AM

Posted 28 June 2008 - 11:16 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please visit the webpage below for instructions on downloading and running ComboFix.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 30 June 2008 - 10:08 PM

I apologize for the late reply. It is nice to meet you, and I thank you for your assistance and help with my problem. I have done what you asked, and below are the logs from HijackThis and ComboFix. The first log is the ComboFix one.
ComboFix 08-06-20.4 - Owner 2008-06-30 21:58:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.721 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\s\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\s\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\Program Files\iolo\Common\Lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\Owner\Application Data\inst.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc
C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc\id
C:\Documents and Settings\Owner\Application Data\SCURIT~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\PC-Cleaner
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\mainms.vpi
C:\WINDOWS\mantec~1
C:\WINDOWS\ssembl~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\bmf.cs
C:\WINDOWS\system32\ccs.so
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ho.ln
C:\WINDOWS\system32\ijmqkjhh.ini
C:\WINDOWS\system32\KkjSAcfe.ini
C:\WINDOWS\system32\KkjSAcfe.ini2
C:\WINDOWS\system32\ko.o
C:\WINDOWS\system32\mjphbnve.dllbox
C:\WINDOWS\system32\mn.n
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\n3
C:\WINDOWS\system32\ntpl.bin
C:\WINDOWS\system32\nvrsma.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\version69ie7fix.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\wintst32.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 00:04 . 2008-06-30 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 16:31 . 2008-06-25 16:33 <DIR> d-------- C:\Program Files\a-squared Free
2008-06-24 14:43 . 2008-06-24 14:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 11:32 . 2008-06-24 11:32 <DIR> d-------- C:\Deckard
2008-06-23 22:32 . 2008-06-23 22:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-23 22:32 . 2008-06-23 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 16:16 . 2008-06-21 23:55 <DIR> d-------- C:\Program Files\ViStart
2008-06-21 16:16 . 2008-06-21 16:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ViStart
2008-06-21 15:38 . 2008-06-21 15:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Real Desktop
2008-06-21 13:53 . 2008-06-21 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Consultia
2008-06-21 00:41 . 2008-06-21 00:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Thinking Minds Budiling Bytes
2008-06-20 13:34 . 2008-06-20 13:36 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-06-20 13:34 . 2008-06-20 13:36 35,382 --a------ C:\WINDOWS\scunin.dat
2008-06-20 13:34 . 2008-06-20 13:36 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-17 19:18 . 2008-06-17 19:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Styler
2008-06-17 11:58 . 2008-06-17 11:58 <DIR> d-------- C:\Program Files\VistaExperience.org
2008-06-17 11:57 . 2008-06-17 23:17 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-17 11:56 . 2008-06-17 11:56 <DIR> d-------- C:\Program Files\Alky for Applications
2008-06-17 11:55 . 2008-06-17 11:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-17 11:54 . 2007-07-27 01:06 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-06-17 11:53 . 2008-06-17 19:18 <DIR> d-------- C:\Program Files\Styler
2008-06-17 11:45 . 2008-03-01 14:11 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-06-17 11:45 . 2008-06-17 11:45 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-06-17 11:11 . 2008-06-17 11:11 <DIR> d-------- C:\Program Files\Shock Utility
2008-06-16 19:02 . 2008-06-17 11:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-15 13:33 . 2008-06-15 13:33 <DIR> d-------- C:\Program Files\Roxio
2008-06-11 05:01 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 05:01 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 10:17 . 2008-06-09 10:17 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-09 10:14 . 2008-06-09 10:14 <DIR> d-------- C:\Program Files\Microsoft Games
2008-06-08 23:04 . 2008-06-08 23:05 <DIR> d-------- C:\Program Files\SopCast
2008-06-07 16:59 . 2008-06-07 20:40 <DIR> d-------- C:\Program Files\mIRC
2008-06-07 16:59 . 2008-06-07 20:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\mIRC
2008-06-07 13:32 . 2008-06-07 13:32 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Splitter
2008-06-07 13:27 . 2008-06-07 13:27 <DIR> d-------- C:\Program Files\avisplit
2008-06-07 13:15 . 2008-06-07 13:15 <DIR> d-------- C:\Program Files\AC3Filter
2008-06-07 13:15 . 2007-08-18 03:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-06-07 12:37 . 2008-06-07 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-07 12:36 . 2008-06-15 13:24 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-01 22:21 . 2008-06-01 22:21 <DIR> d-------- C:\Program Files\Videopot
2008-06-01 22:13 . 2008-06-01 22:13 <DIR> d-------- C:\Program Files\DAUM
2008-06-01 22:02 . 2008-06-09 22:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\VimViewer
2008-06-01 22:01 . 2008-06-09 22:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\VimCaster
2008-06-01 22:01 . 2008-06-09 23:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Log
2008-06-01 22:01 . 2008-06-01 22:01 1,039,896 --a------ C:\WINDOWS\system32\MiniAX.ocx
2008-06-01 22:01 . 2008-06-01 22:01 124,432 --a------ C:\WINDOWS\system32\PanInstaller.dll
2008-06-01 22:01 . 2008-06-01 22:01 83,480 --a------ C:\WINDOWS\system32\FirstLoad.dll
2008-06-01 22:00 . 2008-06-01 22:00 <DIR> d-------- C:\Program Files\PANDORA.TV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 01:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-01 01:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-01 01:15 --------- d-----w C:\Program Files\Starcraft
2008-06-24 20:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-06-24 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-24 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\xidohedw
2008-06-24 03:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 02:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 15:45 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-15 04:38 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-07 18:50 337,801 ----a-w C:\WINDOWS\java\Packages\YL35R1VX.ZIP
2008-06-07 17:06 --------- d-----w C:\Program Files\DivX
2008-06-07 16:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-06-06 17:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-28 23:05 --------- d-----w C:\Program Files\Opera
2008-05-27 22:12 2,190 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-27 21:48 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-27 21:48 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2008-05-27 21:47 --------- d-----w C:\Program Files\VSO
2008-05-27 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-27 21:24 --------- d-----w C:\Program Files\DVD Shrink
2008-05-26 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\chkcomsh
2008-05-26 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\ActSetMnt
2008-05-26 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\genen
2008-05-26 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\apiprocutil
2008-05-26 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\EnUi
2008-05-26 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\apienact
2008-05-26 12:34 --------- d-----w C:\Program Files\LogMeIn
2008-05-26 01:56 98,304 ----a-w C:\WINDOWS\system32\otgzqfuf.exe
2008-05-26 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\dscdb
2008-05-26 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\actsyscmd
2008-05-25 22:03 98,304 ----a-w C:\WINDOWS\system32\grelodov.exe
2008-05-25 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\utilweb
2008-05-25 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\ChkDscApp
2008-05-25 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AppChkAct
2008-05-25 17:37 --------- d-----w C:\Program Files\Nero
2008-05-25 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-25 17:34 94,208 ----a-w C:\WINDOWS\system32\fstyvkje.exe
2008-05-25 17:34 --------- d-----w C:\Program Files\hfkan
2008-05-25 17:33 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2008-05-25 15:12 --------- d-----w C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2008-05-24 01:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-23 01:13 --------- d-----w C:\Program Files\NBX Audio Converter
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 01:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-05-19 01:40 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-05-18 18:44 --------- d-----w C:\Program Files\Common Files\NSV
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-16 03:22 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-12 21:47 --------- d-----w C:\Program Files\RK Launcher
2008-05-12 21:42 --------- d-----w C:\Program Files\SlySoft
2008-05-11 03:23 --------- d-----w C:\Program Files\QuickTime
2008-05-11 03:08 --------- d-----w C:\Program Files\RocketDock
2008-05-09 00:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 23:46 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 00:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Obsidium
2008-05-08 00:50 --------- d-----w C:\Program Files\NetIntellGames
2008-05-08 00:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\HTML Executable
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 22:59 --------- d-----w C:\Program Files\MagicDisc
2008-05-06 10:10 --------- d-----w C:\Program Files\Alex Feinman
2008-05-06 01:20 --------- d-----w C:\Program Files\UltraISO
2008-05-06 01:20 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-05-06 01:16 --------- d-----w C:\Program Files\MagicISO
2008-05-04 03:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-05-04 03:26 --------- d-----w C:\Program Files\iTunes
2008-05-04 03:25 --------- d-----w C:\Program Files\iPod
2008-05-04 03:25 --------- d-----w C:\Program Files\Bonjour
2008-05-04 03:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-04 03:22 --------- d-----w C:\Program Files\Apple Software Update
2008-05-04 03:21 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-04 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-04 00:15 --------- d-----w C:\Program Files\Free Online FLV Converter
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-10 21:12 4 --sh--r C:\Documents and Settings\All Users\Application Data\sysqcl0.dat
2008-01-15 23:05 2,495 ----a-w C:\Program Files\Microsoft Office PowerPoint 2003.lnk
2008-01-04 22:20 81,920 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2007-10-09 19:52 3,138 ----a-w C:\Program Files\vba.ini
2005-11-28 22:54 1,498 ----a-w C:\Program Files\Calculator.lnk
2005-09-27 22:38 1,124 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2001-10-10 01:41 331,776 ----a-w C:\Program Files\BoycottAdvance.exe
.
Infected C:\WINDOWS\system32\user32.dll hex repaired


------- Sigcheck -------

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\Resources\ISSO\Backup\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac}]
2008-05-26 08:35 55808 --a------ C:\Documents and Settings\All Users\Application Data\apienact\SetChk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f32aad1-d096-6ca3-52aa-0193a6d98d71}]
2008-05-26 16:21 58880 --a------ C:\Documents and Settings\All Users\Application Data\chkcomsh\MntShApl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{217af9d5-f0d2-f65b-7310-0a00c26e0a38}]
C:\WINDOWS\TEMP\UiComApp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3e318ed4-977b-2c72-d4a5-07d2dcd34b0e}]
2008-05-25 18:03 58880 --a------ C:\Documents and Settings\All Users\Application Data\utilweb\smartapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98913570-bd03-4c98-bfc5-7eccef1e0f94}]
C:\WINDOWS\system32\efcASjkK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-01 13:48 1470464]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"ViOrb"="C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe" [ ]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-12-02 21:58 1229824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 18:55 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 02:42 212992]
"c0.exe"="C:\aidualc3\c0.exe" [2007-07-29 15:48 292864]
"Vistadrv"="C:\WINDOWS\Resources\ISSO\Software\VIPhd\vsdrv.exe" [ ]
"Isso Reloader"="C:\WINDOWS\resources\ISSO\Tools\sysfupw.exe" [2008-03-26 17:28 1155992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 21:45 4898816]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-03 17:16 219136]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-07 14:57:17 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgsys"= {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll [2008-05-25 13:34 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba]
jkkKeeba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 2003-08-25 11:25 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Konfabulator.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Konfabulator.lnk
backup=C:\WINDOWS\pss\Konfabulator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-05-15 19:19 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-06-24 16:31 579584 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-27 19:22 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CubeDesktop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlmMgr]
--a------ 2006-10-02 23:59 711272 C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 17:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-07-29 12:53 159832 C:\Program Files\Common Files\AOL\1130177598\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 18:51 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyTray.exe]
C:\Program Files\HotkeyHelper\HotkeyTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-08-03 15:09 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mojo]
C:\Program Files\MojoSidekick\mojo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-01-11 21:45 4898816 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-06-30 12:49 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pzcdpkzh]
C:\WINDOWS\system32\pmnmzgtq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
C:\Program Files\Real Desktop\Real Desktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shock4Way3D]
--a------ 2008-05-15 07:46 1222144 C:\Program Files\Shock Utility\Shock4Way3D\Shock4Way3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--------- 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-27 17:38 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkldxkbe]
C:\Program Files\Common Files\W?nSxS\j?vaw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpuwblgd]
C:\WINDOWS\system32\ibkhehmx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UPNP]
C:\WINDOWS\system32\upnpsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
--a------ 2004-08-30 22:29 33936 C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xuqhdski]
C:\WINDOWS\system32\zczchcly.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 15:22 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
--a------ 2007-07-06 15:03 2058752 C:\Documents and Settings\Owner\Desktop\s\Yodm3D\Yodm3D\Yodm3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"WinDefend"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\NetIntellGames\\Net Chess 6\\chess.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\PANDORA.TV\\Live\\Live.exe"=
"C:\\Program Files\\PANDORA.TV\\Live\\PANDORATVLive.exe"=
"C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\LiveRelay.exe"=
"C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\VimViewer.dll"=
"C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe"=
"C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22666:TCP"= 22666:TCP:PORT_22666
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-04-19 21:34]
S4 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c80c74e6-b00e-11dc-aff1-0013204862d4}]
\Shell\AutoRun\command - J:\Autorun.exe /run
\Shell\Shell00\Command - J:\Autorun.exe /run
\Shell\Shell01\Command - J:\Autorun.exe /action
\Shell\Shell02\Command - J:\Autorun.exe /uninstall


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"C:\Program Files\Windows Sidebar\sidebar.exe /RegServer"
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-07-01 02:15:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{48FE07AC-F546-4FF3-B37D-DEC3FBAC83D7}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 22:04:36
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

scanning hidden processes ...

C:\Program Files\iolo\common\Lib\ioloDMVSvc.exe [900] 0x893D82D0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Stardock\sdmcp.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-30 22:17:03 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-07-01 02:16:51

Pre-Run: 9,485,725,696 bytes free
Post-Run: 10,115,461,120 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /kernel=vistaboot.exe
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

504 --- E O F --- 2008-06-23 23:03:15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:02 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac} - C:\Documents and Settings\All Users\Application Data\apienact\SetChk.dll
O2 - BHO: (no name) - {1f32aad1-d096-6ca3-52aa-0193a6d98d71} - C:\Documents and Settings\All Users\Application Data\chkcomsh\MntShApl.dll
O2 - BHO: (no name) - {217af9d5-f0d2-f65b-7310-0a00c26e0a38} - C:\WINDOWS\TEMP\UiComApp.dll (file missing)
O2 - BHO: (no name) - {3e318ed4-977b-2c72-d4a5-07d2dcd34b0e} - C:\Documents and Settings\All Users\Application Data\utilweb\smartapi.dll
O2 - BHO: (no name) - {98913570-bd03-4c98-bfc5-7eccef1e0f94} - C:\WINDOWS\system32\efcASjkK.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\Resources\ISSO\Software\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [Isso Reloader] C:\WINDOWS\resources\ISSO\Tools\sysfupw.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViOrb] C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Checkers - http://origin.games.yahoo.net/games/clients/y/kt4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung....can8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {89A9F739-8F34-40E1-BCD3-62BABEAD3C6F} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkKeeba - jkkKeeba.dll (file missing)
O21 - SSODL: msgsys - {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10495 bytes

#4 fenzodahl512
  • Members
  • 6,738 posts

Posted 01 July 2008 - 01:40 AM

Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file paths into the "File to upload & scan" box at the top of the page:

    • C:\aidualc3\c0.exe
      C:\Documents and Settings\All Users\Application Data\apienact\SetChk.dll
      C:\Documents and Settings\All Users\Application Data\chkcomsh\MntShApl.dll
      C:\Documents and Settings\All Users\Application Data\utilweb\smartapi.dll
      C:\Program Files\hfkan\msgsys.dll
  • Click on the submit button. You can only submit one file at a time.
  • Please post the results in your next reply.
If the Jotti server is too busy, please submit the file to VirusTotal instead.

NEXT

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
Viewpoint Manager Service

File::
C:\WINDOWS\system32\otgzqfuf.exe
C:\WINDOWS\system32\grelodov.exe
C:\WINDOWS\system32\fstyvkje.exe
C:\WINDOWS\TEMP\UiComApp.dll
C:\WINDOWS\system32\efcASjkK.dll
C:\WINDOWS\system32\zczchcly.exe
C:\WINDOWS\system32\pmnmzgtq.exe
C:\WINDOWS\system32\ibkhehmx.exe
C:\WINDOWS\system32\upnpsvc.exe
J:\Autorun.exe

Folder::
C:\Program Files\Common Files\W?nSxS
C:\Program Files\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer]
"SearchURL"=""
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{217af9d5-f0d2-f65b-7310-0a00c26e0a38}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98913570-bd03-4c98-bfc5-7eccef1e0f94}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pzcdpkzh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkldxkbe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpuwblgd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xuqhdski]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UPNP]

DirLook::
C:\Documents and Settings\All Users\Application Data\dscdb
C:\Documents and Settings\All Users\Application Data\actsyscmd
C:\Program Files\hfkan
C:\Documents and Settings\All Users\Application Data\apienact
C:\Documents and Settings\All Users\Application Data\chkcomsh
C:\Documents and Settings\All Users\Application Data\utilweb


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply. Post each log in a separate post:
  • Jotti/VirusTotal
  • ComboFix
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
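The triage behind the CFScript above, written out as code: an added example for this thread, not code from the posts, from HijackThis or from ComboFix. It reads HijackThis lines of the kinds that appear in the log earlier in the thread (R1 SearchURL, O2 BHOs, O4 Run entries, O17 NameServer, O20 Winlogon Notify, O21 SSODL), applies a handful of first-pass rules (unnamed BHOs, "(file missing)" orphans, binaries in ad-hoc directories under the drive root or under All Users\Application Data, a SearchURL that is not Microsoft's, an SSODL DLL outside the Windows directory) and renders the File:: and Registry:: sections in the same layout the script above uses. The sample lines are copied from the posted log; the rule set, the Microsoft search-host allowlist and the verdict wording are this example's own assumptions. The 208.67.222.222 / 208.67.220.220 resolvers in the O17 line are OpenDNS, so that entry is listed for a human to check rather than removed.

```python
"""Triage of HijackThis log lines into a draft ComboFix CFScript.

Added example for this thread; not code from the posts, HijackThis or ComboFix.
The sample lines are copied from the HijackThis log above; the rules are this
example's own first-pass heuristics, and a person reads every finding first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a subset of the lines from the log in this thread.
HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac} - C:\Documents and Settings\All Users\Application Data\apienact\SetChk.dll
O2 - BHO: (no name) - {98913570-bd03-4c98-bfc5-7eccef1e0f94} - C:\WINDOWS\system32\efcASjkK.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: jkkKeeba - jkkKeeba.dll (file missing)
O21 - SSODL: msgsys - {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll
"""

PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|sys))\b", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MS_SEARCH_HOSTS = {"go.microsoft.com", "search.msn.com"}  # assumed allowlist
OPENDNS = {"208.67.222.222", "208.67.220.220"}  # OpenDNS public resolvers
STANDARD_ROOT_DIRS = {"windows", "program files", "documents and settings"}


@dataclass
class Finding:
    section: str  # HijackThis prefix: R1, O2, O4, O17, O20, O21
    action: str   # "file" (delete), "registry" (CFScript Registry:: text) or "review"
    target: str   # file path, registry text, or the value to check by hand
    reason: str


def odd_location(path: str) -> Optional[str]:
    """Why a binary's location looks like a drop site, or None if it does not."""
    low = path.lower()
    parts = low.split("\\")
    if len(parts) == 3 and parts[1] not in STANDARD_ROOT_DIRS:
        return "binary in an ad-hoc directory directly under the drive root"
    if "\\all users\\application data\\" in low:
        return "binary under All Users\\Application Data instead of Program Files"
    return None


def triage_line(line: str) -> Optional[Finding]:
    """One rule per HijackThis section; None means nothing to act on."""
    section = line.split(" - ", 1)[0]
    missing = "(file missing)" in line
    m = PATH_RE.search(line)
    path = m.group(1) if m else None
    clsid = CLSID_RE.search(line)
    if section == "R1" and "SearchURL" in line:
        host = line.split("=", 1)[1].strip().split("//", 1)[-1].split("/", 1)[0]
        if host not in MS_SEARCH_HOSTS:
            key = "[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer]\n\"SearchURL\"=\"\""
            return Finding("R1", "registry", key, f"IE SearchURL points at {host}")
    elif section == "O2" and "(no name)" in line and clsid:
        if missing:  # same form the thread's CFScript uses to drop a dead BHO
            key = "[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + clsid.group(0) + "]"
            return Finding("O2", "registry", key, "orphaned BHO: DLL gone, CLSID still registered")
        if path:
            return Finding("O2", "file", path, "unnamed BHO, " + (odd_location(path) or "loads into every IE process"))
    elif section == "O4" and path and odd_location(path):
        return Finding("O4", "file", path, "autostart, " + odd_location(path))
    elif section == "O17":
        servers = line.split("=", 1)[1].strip().split(",")
        note = ("all resolvers are OpenDNS (fine if the user chose them)" if set(servers) <= OPENDNS
                else "static resolvers, check who set them")
        return Finding("O17", "review", ",".join(servers), "DNS: " + note)
    elif section == "O20" and missing:
        name = line.split(": ", 1)[1].split(" - ", 1)[0]
        key = "[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\" + name + "]"
        return Finding("O20", "registry", key, "orphaned Winlogon notification package")
    elif section == "O21" and path and "\\windows\\" not in path.lower():
        return Finding("O21", "file", path, "SSODL DLL outside the Windows directory (loads into explorer.exe)")
    return None


def triage(log: str) -> List[Finding]:
    return [f for f in map(triage_line, filter(None, log.splitlines())) if f]


def draft_cfscript(findings: List[Finding]) -> str:
    """File:: and Registry:: sections in the layout the thread's CFScript uses."""
    files = sorted({f.target for f in findings if f.action == "file"})
    regs = [f.target for f in findings if f.action == "registry"]
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(regs) + "\n"


if __name__ == "__main__":
    for f in triage(HJT_LOG):
        print(f"{f.section:<4}{f.action:<9} {f.reason}")
    print(draft_cfscript(triage(HJT_LOG)))
```

The output is a draft for a person to read, in the same way the helper reads the log before writing the script: the Adobe BHO and igfxtray.exe pass, the two no-name BHOs, c0.exe and msgsys.dll end up under File::, and the dead efcASjkK and jkkKeeba entries become the same `[-HKEY_...]` deletions the script above uses. DNS changers are a classic cause of redirected search results, which is why the O17 line is always surfaced; here it resolves to OpenDNS, so it is only a problem if nobody at the keyboard set it. The script above also uses Driver::, Folder:: and DirLook::, which need knowledge the HijackThis log alone does not give, so this example does not emit them.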


#5 sa000
  • Topic Starter
  • Members
  • 53 posts

Posted 01 July 2008 - 02:28 PM

I did as you requested. Here are the Jotti scan results for the files. I thank you for helping me.

File: c0.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5: b7b03405ac934b108626db3e88a21bd6
Packers detected: EXECRYPTOR
Scanner results
Scan taken on 01 Jul 2008 18:11:43 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Suspect code-parts (probable variant)
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Sus/ComPack (probable variant)
VirusBuster Found nothing
VBA32 Found nothing

File: SetChk.dll
Status: INFECTED/MALWARE
MD5: 6caca23c525ab33db390ddc7f080c8ac
Packers detected: -
Scanner results
Scan taken on 01 Jul 2008 18:13:21 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: MntShApl.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definitely accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: b86851ef951f23b17ecd72f8022dc633
Packers detected: -

Scanner results
Scan taken on 01 Jul 2008 18:09:04 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: smartapi.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definitely accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: 5e1c5decc4bd2cf5721ad475fb8f16f8
Packers detected: -

Scanner results
Scan taken on 01 Jul 2008 18:14:07 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: msgsys.dll
Status: INFECTED/MALWARE
MD5: 8c638104203f9c7c1e9987dcef22833f
Packers detected: -

Scanner results
Scan taken on 01 Jul 2008 18:14:39 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing
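The result blocks above, read by a script instead of by eye: an added example for this thread, not code from the posts, from Jotti or from VirusTotal. It parses the "engine Found name" lines, separates generic or heuristic detection names (HEUR/..., Sus/..., "Suspect", "probable variant", EncPk) from names that identify a family, and folds in the two things the scanner itself cannot see: whether the file is packed and whether it is autostarted from a drop location, which is exactly the situation of c0.exe (ExeCryptor-packed, run from C:\aidualc3) and SetChk.dll (a BHO under All Users\Application Data). The marker list and the verdict labels are this example's own assumptions; the first sample is the c0.exe block above with its status note shortened, the second is a cut-down SetChk.dll block that keeps only three engine lines.

```python
"""Reading a Jotti-style multi-engine scan block.

Added example for this thread; not code from Jotti, VirusTotal or the posts.
The first sample is the c0.exe block posted above (status note shortened); the
second is a cut-down copy of the SetChk.dll block keeping only three engines.
Which detection names count as generic/heuristic is this example's own list.
"""
import re
from typing import Dict

JOTTI_C0 = """\
File: c0.exe
Status: POSSIBLY INFECTED/MALWARE (flagged by heuristic detection(s) only)
MD5: b7b03405ac934b108626db3e88a21bd6
Packers detected: EXECRYPTOR
Scanner results
Scan taken on 01 Jul 2008 18:11:43 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Suspect code-parts (probable variant)
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Sus/ComPack (probable variant)
VirusBuster Found nothing
VBA32 Found nothing
"""

JOTTI_SETCHK = """\
File: SetChk.dll
Status: INFECTED/MALWARE
MD5: 6caca23c525ab33db390ddc7f080c8ac
Packers detected: -
AntiVir Found HEUR/Crypted
Kaspersky Anti-Virus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
"""

RESULT_RE = re.compile(r"^(?P<engine>.+?) Found (?P<name>.+)$")
# Names that describe a property (packed, encrypted, odd code) rather than a family.
GENERIC_MARKERS = ("heur", "sus/", "suspect", "probable variant", "crypted",
                   "encpk", "packed", "generic")


def parse_block(text: str) -> Dict:
    """Pull file name, MD5, packer and per-engine hits out of one result block."""
    rec = {"file": None, "md5": None, "packer": None, "engines": 0, "hits": {}}
    for line in text.splitlines():
        if line.startswith("File:"):
            rec["file"] = line.split(":", 1)[1].strip()
        elif line.startswith("MD5:"):
            rec["md5"] = line.split(":", 1)[1].strip()
        elif line.startswith("Packers detected:"):
            packer = line.split(":", 1)[1].strip()
            rec["packer"] = None if packer == "-" else packer
        else:
            m = RESULT_RE.match(line)
            if m:
                rec["engines"] += 1
                if m.group("name") != "nothing":
                    rec["hits"][m.group("engine")] = m.group("name")
    return rec


def is_generic(name: str) -> bool:
    low = name.lower()
    return any(marker in low for marker in GENERIC_MARKERS)


def assess(rec: Dict, autostarts_from_drop_dir: bool = False) -> str:
    """Combine the engine verdicts with context the scan itself cannot see."""
    hits = rec["hits"]
    if not hits:
        return "clean"
    if not all(is_generic(n) for n in hits.values()):
        return "detected"  # at least one engine named a family
    # Generic-only hits are weak alone; a packer, or an autostart from an
    # ad-hoc directory as in this thread, is what makes them worth acting on.
    if rec["packer"] or autostarts_from_drop_dir:
        return "suspicious"
    return "heuristic-only"
```

Two caveats the numbers alone do not show. Jotti's own INFECTED versus POSSIBLY INFECTED status weighs which engines raised the hit (its note about scanners with above-average false positives), which this example does not model, so on names alone it rates SetChk.dll as heuristic-only; passing `autostarts_from_drop_dir=True`, because the log above shows that DLL registered as a BHO from All Users\Application Data, is what turns it into suspicious. The MD5 is a lookup key for checking the same sample at another service, not evidence of anything by itself.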

#6 sa000
  • Topic Starter
  • Members
  • 53 posts

Posted 01 July 2008 - 02:31 PM

I did what you said about putting that Notepad file into ComboFix, but I am unsure if it worked. It said it was deleting the files/folders, and after 30 minutes it still said the same thing, so I just restarted the computer, assuming the files were deleted, even though I am not 100% sure. Please analyze this and tell me if I need to do that process again. Below is the ComboFix log.

ComboFix 08-06-20.4 - Owner 2008-07-01 14:51:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.751 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\s\ComboFix.exe
.
The following files were disabled during the run:
C:\Program Files\iolo\Common\Lib\ioloHL.dll


((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 23:16 . 2008-07-01 00:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-06-30 23:16 . 2008-07-01 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-30 00:04 . 2008-06-30 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 16:31 . 2008-06-25 16:33 <DIR> d-------- C:\Program Files\a-squared Free
2008-06-24 14:43 . 2008-06-24 14:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 11:32 . 2008-06-24 11:32 <DIR> d-------- C:\Deckard
2008-06-23 22:32 . 2008-06-23 22:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-23 22:32 . 2008-06-23 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 16:16 . 2008-06-21 23:55 <DIR> d-------- C:\Program Files\ViStart
2008-06-21 16:16 . 2008-06-21 16:16 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ViStart
2008-06-21 15:38 . 2008-06-21 15:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Real Desktop
2008-06-21 13:53 . 2008-06-21 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Consultia
2008-06-21 00:41 . 2008-06-21 00:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Thinking Minds Budiling Bytes
2008-06-20 13:34 . 2008-06-20 13:36 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-06-20 13:34 . 2008-06-20 13:36 35,382 --a------ C:\WINDOWS\scunin.dat
2008-06-20 13:34 . 2008-06-20 13:36 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-17 19:18 . 2008-06-17 19:18 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Styler
2008-06-17 11:58 . 2008-06-17 11:58 <DIR> d-------- C:\Program Files\VistaExperience.org
2008-06-17 11:57 . 2008-06-17 23:17 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-17 11:56 . 2008-06-17 11:56 <DIR> d-------- C:\Program Files\Alky for Applications
2008-06-17 11:55 . 2008-06-17 11:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-17 11:54 . 2007-07-27 01:06 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-06-17 11:53 . 2008-06-17 19:18 <DIR> d-------- C:\Program Files\Styler
2008-06-17 11:45 . 2008-03-01 14:11 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-06-17 11:45 . 2008-06-17 11:45 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-06-17 11:11 . 2008-06-17 11:11 <DIR> d-------- C:\Program Files\Shock Utility
2008-06-16 19:02 . 2008-06-17 11:55 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-15 13:33 . 2008-06-15 13:33 <DIR> d-------- C:\Program Files\Roxio
2008-06-11 05:01 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 05:01 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 10:17 . 2008-06-09 10:17 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-06-09 10:14 . 2008-06-09 10:14 <DIR> d-------- C:\Program Files\Microsoft Games
2008-06-08 23:04 . 2008-06-08 23:05 <DIR> d-------- C:\Program Files\SopCast
2008-06-07 16:59 . 2008-06-07 20:40 <DIR> d-------- C:\Program Files\mIRC
2008-06-07 16:59 . 2008-06-07 20:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\mIRC
2008-06-07 13:32 . 2008-06-07 13:32 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Splitter
2008-06-07 13:27 . 2008-06-07 13:27 <DIR> d-------- C:\Program Files\avisplit
2008-06-07 13:15 . 2008-06-07 13:15 <DIR> d-------- C:\Program Files\AC3Filter
2008-06-07 13:15 . 2007-08-18 03:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-06-07 12:37 . 2008-06-07 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-07 12:36 . 2008-06-15 13:24 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-01 22:21 . 2008-06-01 22:21 <DIR> d-------- C:\Program Files\Videopot
2008-06-01 22:13 . 2008-06-01 22:13 <DIR> d-------- C:\Program Files\DAUM
2008-06-01 22:02 . 2008-06-09 22:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\VimViewer
2008-06-01 22:01 . 2008-06-09 22:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\VimCaster
2008-06-01 22:01 . 2008-06-09 23:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Log
2008-06-01 22:01 . 2008-06-01 22:01 1,039,896 --a------ C:\WINDOWS\system32\MiniAX.ocx
2008-06-01 22:01 . 2008-06-01 22:01 124,432 --a------ C:\WINDOWS\system32\PanInstaller.dll
2008-06-01 22:01 . 2008-06-01 22:01 83,480 --a------ C:\WINDOWS\system32\FirstLoad.dll
2008-06-01 22:00 . 2008-06-01 22:00 <DIR> d-------- C:\Program Files\PANDORA.TV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 15:24 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-01 04:19 --------- d-----w C:\Program Files\Starcraft
2008-07-01 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-01 01:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-24 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\xidohedw
2008-06-24 03:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 02:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 15:45 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-15 04:38 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-07 18:50 337,801 ----a-w C:\WINDOWS\java\Packages\YL35R1VX.ZIP
2008-06-07 17:06 --------- d-----w C:\Program Files\DivX
2008-06-07 16:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-06-06 17:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-28 23:05 --------- d-----w C:\Program Files\Opera
2008-05-27 22:12 2,190 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-27 21:48 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-27 21:48 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2008-05-27 21:47 --------- d-----w C:\Program Files\VSO
2008-05-27 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-27 21:24 --------- d-----w C:\Program Files\DVD Shrink
2008-05-26 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\chkcomsh
2008-05-26 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\ActSetMnt
2008-05-26 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\genen
2008-05-26 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\apiprocutil
2008-05-26 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\EnUi
2008-05-26 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\apienact
2008-05-26 12:34 --------- d-----w C:\Program Files\LogMeIn
2008-05-26 01:56 98,304 ----a-w C:\WINDOWS\system32\otgzqfuf.exe
2008-05-26 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\dscdb
2008-05-26 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\actsyscmd
2008-05-25 22:03 98,304 ----a-w C:\WINDOWS\system32\grelodov.exe
2008-05-25 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\utilweb
2008-05-25 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\ChkDscApp
2008-05-25 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AppChkAct
2008-05-25 17:37 --------- d-----w C:\Program Files\Nero
2008-05-25 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-25 17:34 94,208 ----a-w C:\WINDOWS\system32\fstyvkje.exe
2008-05-25 17:34 --------- d-----w C:\Program Files\hfkan
2008-05-25 17:33 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2008-05-25 15:12 --------- d-----w C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2008-05-24 01:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-23 01:13 --------- d-----w C:\Program Files\NBX Audio Converter
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 01:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-05-19 01:40 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-05-18 18:44 --------- d-----w C:\Program Files\Common Files\NSV
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-16 03:22 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-12 21:47 --------- d-----w C:\Program Files\RK Launcher
2008-05-12 21:42 --------- d-----w C:\Program Files\SlySoft
2008-05-11 03:23 --------- d-----w C:\Program Files\QuickTime
2008-05-11 03:08 --------- d-----w C:\Program Files\RocketDock
2008-05-09 00:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 23:46 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 00:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\Obsidium
2008-05-08 00:50 --------- d-----w C:\Program Files\NetIntellGames
2008-05-08 00:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\HTML Executable
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 22:59 --------- d-----w C:\Program Files\MagicDisc
2008-05-06 10:10 --------- d-----w C:\Program Files\Alex Feinman
2008-05-06 01:20 --------- d-----w C:\Program Files\UltraISO
2008-05-06 01:20 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-05-06 01:16 --------- d-----w C:\Program Files\MagicISO
2008-05-04 03:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-05-04 03:26 --------- d-----w C:\Program Files\iTunes
2008-05-04 03:25 --------- d-----w C:\Program Files\iPod
2008-05-04 03:25 --------- d-----w C:\Program Files\Bonjour
2008-05-04 03:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-04 03:22 --------- d-----w C:\Program Files\Apple Software Update
2008-05-04 03:21 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-04 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-04 00:15 --------- d-----w C:\Program Files\Free Online FLV Converter
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-10 21:12 4 --sh--r C:\Documents and Settings\All Users\Application Data\sysqcl0.dat
2008-01-15 23:05 2,495 ----a-w C:\Program Files\Microsoft Office PowerPoint 2003.lnk
2008-01-04 22:20 81,920 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2007-10-09 19:52 3,138 ----a-w C:\Program Files\vba.ini
2005-11-28 22:54 1,498 ----a-w C:\Program Files\Calculator.lnk
2005-09-27 22:38 1,124 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2001-10-10 01:41 331,776 ----a-w C:\Program Files\BoycottAdvance.exe
.

------- Sigcheck -------

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\Resources\ISSO\Backup\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-30_22.16.02.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 02:03:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 18:49:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-15 17:34:21 920,956 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-07-01 04:01:47 80,108 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2008-07-01 02:04:32 53,248 ----a-w C:\WINDOWS\Temp\catchme.dll
+ 2008-07-01 18:55:20 53,248 ----a-w C:\WINDOWS\Temp\catchme.dll
+ 2008-07-01 18:49:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_328.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac}]
2008-05-26 08:35 55808 --a------ C:\Documents and Settings\All Users\Application Data\apienact\SetChk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f32aad1-d096-6ca3-52aa-0193a6d98d71}]
2008-05-26 16:21 58880 --a------ C:\Documents and Settings\All Users\Application Data\chkcomsh\MntShApl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{217af9d5-f0d2-f65b-7310-0a00c26e0a38}]
C:\WINDOWS\TEMP\UiComApp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3e318ed4-977b-2c72-d4a5-07d2dcd34b0e}]
2008-05-25 18:03 58880 --a------ C:\Documents and Settings\All Users\Application Data\utilweb\smartapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98913570-bd03-4c98-bfc5-7eccef1e0f94}]
C:\WINDOWS\system32\efcASjkK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-01 13:48 1470464]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"ViOrb"="C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe" [ ]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-12-02 21:58 1229824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 18:55 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 02:42 212992]
"c0.exe"="C:\aidualc3\c0.exe" [2007-07-29 15:48 292864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 21:45 4898816]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-07 14:57:17 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgsys"= {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll [2008-05-25 13:34 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba]
jkkKeeba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 2003-08-25 11:25 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Konfabulator.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Konfabulator.lnk
backup=C:\WINDOWS\pss\Konfabulator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-05-15 19:19 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-27 19:22 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CubeDesktop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlmMgr]
--a------ 2006-10-02 23:59 711272 C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 17:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-07-29 12:53 159832 C:\Program Files\Common Files\AOL\1130177598\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 18:51 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyTray.exe]
C:\Program Files\HotkeyHelper\HotkeyTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Isso Reloader]
--a------ 2008-03-26 17:28 1155992 C:\WINDOWS\resources\ISSO\Tools\sysfupw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-08-03 15:09 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mojo]
C:\Program Files\MojoSidekick\mojo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-01-11 21:45 4898816 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-06-30 12:49 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pzcdpkzh]
C:\WINDOWS\system32\pmnmzgtq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
C:\Program Files\Real Desktop\Real Desktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shock4Way3D]
--a------ 2008-05-15 07:46 1222144 C:\Program Files\Shock Utility\Shock4Way3D\Shock4Way3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--------- 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-27 17:38 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkldxkbe]
C:\Program Files\Common Files\W?nSxS\j?vaw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpuwblgd]
C:\WINDOWS\system32\ibkhehmx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UPNP]
C:\WINDOWS\system32\upnpsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
--a------ 2004-08-30 22:29 33936 C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
C:\WINDOWS\Resources\ISSO\Software\VIPhd\vsdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
C:\Program Files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xuqhdski]
C:\WINDOWS\system32\zczchcly.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 15:22 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
--a------ 2007-07-06 15:03 2058752 C:\Documents and Settings\Owner\Desktop\s\Yodm3D\Yodm3D\Yodm3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"WinDefend"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\NetIntellGames\\Net Chess 6\\chess.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\PANDORA.TV\\Live\\Live.exe"=
"C:\\Program Files\\PANDORA.TV\\Live\\PANDORATVLive.exe"=
"C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\LiveRelay.exe"=
"C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\VimViewer.dll"=
"C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe"=
"C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22666:TCP"= 22666:TCP:PORT_22666
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-04-19 21:34]
S4 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c80c74e6-b00e-11dc-aff1-0013204862d4}]
\Shell\AutoRun\command - J:\Autorun.exe /run
\Shell\Shell00\Command - J:\Autorun.exe /run
\Shell\Shell01\Command - J:\Autorun.exe /action
\Shell\Shell02\Command - J:\Autorun.exe /uninstall


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"C:\Program Files\Windows Sidebar\sidebar.exe /RegServer"
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-07-01 18:55:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{48FE07AC-F546-4FF3-B37D-DEC3FBAC83D7}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 14:55:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll
.
Completion time: 2008-07-01 14:58:51
ComboFix-quarantined-files.txt 2008-07-01 18:58:11
ComboFix2.txt 2008-07-01 02:17:05

Pre-Run: 12,070,830,080 bytes free
Post-Run: 12,071,927,808 bytes free

434 --- E O F --- 2008-06-23 23:03:15


Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:53 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac} - C:\Documents and Settings\All Users\Application Data\apienact\SetChk.dll
O2 - BHO: (no name) - {1f32aad1-d096-6ca3-52aa-0193a6d98d71} - C:\Documents and Settings\All Users\Application Data\chkcomsh\MntShApl.dll
O2 - BHO: (no name) - {217af9d5-f0d2-f65b-7310-0a00c26e0a38} - C:\WINDOWS\TEMP\UiComApp.dll (file missing)
O2 - BHO: (no name) - {3e318ed4-977b-2c72-d4a5-07d2dcd34b0e} - C:\Documents and Settings\All Users\Application Data\utilweb\smartapi.dll
O2 - BHO: (no name) - {98913570-bd03-4c98-bfc5-7eccef1e0f94} - C:\WINDOWS\system32\efcASjkK.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViOrb] C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Checkers - http://origin.games.yahoo.net/games/clients/y/kt4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung....can8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {89A9F739-8F34-40E1-BCD3-62BABEAD3C6F} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkKeeba - jkkKeeba.dll (file missing)
O21 - SSODL: msgsys - {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 9636 bytes

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 01 July 2008 - 11:10 PM

I did what you said about putting that notepad file in combo fix but I am unsure if it worked. It said it was deleting the files/folders and after 30 minutes it said the same thing so I just restarted the computer assuming the files were deleted even though I am not 100% sure.


Well, I can still see some of the nasties again.. Let's take a different route..



We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
rem Stop the service if it is running, then remove its registration
rem from the Service Control Manager so it cannot start again.
sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you are not sure how to make a batch file, please visit HERE for the tutorial.





NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\otgzqfuf.exe
    C:\WINDOWS\system32\grelodov.exe
    C:\WINDOWS\system32\fstyvkje.exe
    C:\WINDOWS\TEMP\UiComApp.dll
    C:\WINDOWS\system32\efcASjkK.dll
    C:\WINDOWS\system32\zczchcly.exe
    C:\WINDOWS\system32\pmnmzgtq.exe
    C:\WINDOWS\system32\ibkhehmx.exe
    C:\WINDOWS\system32\upnpsvc.exe
    J:\Autorun.exe
    C:\Program Files\Common Files\W?nSxS
    C:\Program Files\Viewpoint
    C:\Documents and Settings\All Users\Application Data\dscdb
    C:\Documents and Settings\All Users\Application Data\actsyscmd
    C:\Program Files\hfkan
    C:\Documents and Settings\All Users\Application Data\apienact
    C:\Documents and Settings\All Users\Application Data\chkcomsh
    C:\Documents and Settings\All Users\Application Data\utilweb
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pzcdpkzh
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkldxkbe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpuwblgd
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xuqhdski
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UPNP
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f32aad1-d096-6ca3-52aa-0193a6d98d71}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{217af9d5-f0d2-f65b-7310-0a00c26e0a38}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e318ed4-977b-2c72-d4a5-07d2dcd34b0e}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98913570-bd03-4c98-bfc5-7eccef1e0f94}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c80c74e6-b00e-11dc-aff1-0013204862d4}
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.





NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.



Please post the following logs in your next reply.. Please post each log in a separate post..

1. OTMoveIt2
2. Malwarebytes
3. Deckard System Scanner (both main.txt and extra.txt)
4. Tell me about your computer's behaviour..



Regards
fenzodahl512

Edited by fenzodahl512, 01 July 2008 - 11:12 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
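
The file and registry list in the post above was built by reading the earlier HijackThis log for entries that look out of place: a Winlogon Notify DLL that is no longer on disk, an SSODL DLL under an unexplained folder in Program Files, a Run entry launching from a folder directly under C:\, a service whose binary is gone. Those load points are what keep a redirector alive after the antivirus has quarantined the payload itself. The Python script below is an added example, not code from HijackThis, OTMoveIt2 or the helper: it applies that same triage to lines in HijackThis format and reports what deserves a second look. The vendor allowlist, the "expected resolvers" list and the rule ordering are the example's own assumptions; the sample lines are copied from the logs in this thread.

```python
"""Triage HijackThis-style log lines and flag the persistence entries an
analyst would look at first.

Added example for this thread, not code from HijackThis, OTMoveIt2 or the
helper.  The allowlists and rules below are the example's own assumptions,
not facts stated in the thread."""
import re

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkKeeba - jkkKeeba.dll (file missing)
O21 - SSODL: msgsys - {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

# Assumed allowlists (the example's own): vendor folders the analyst recognises,
# and resolver addresses expected on this machine (the OpenDNS pair seen above).
KNOWN_VENDOR_DIRS = {"adobe", "superantispyware", "lavasoft", "common files"}
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
PERSISTENCE_CODES = {"O2", "O3", "O4", "O20", "O21", "O23"}

LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx)', re.IGNORECASE)


def vendor_dir(path: str) -> str:
    """Top-level folder under Program Files, or '' if the path is elsewhere."""
    m = re.match(r"[a-z]:\\program files\\([^\\]+)\\", path)
    return m.group(1) if m else ""


def triage_line(line: str):
    """Return (code, severity, reason) for one line, or None if nothing to flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    paths = PATH_RE.findall(body)
    path = paths[-1].lower() if paths else ""

    if code == "O17" and "=" in body:
        servers = {s.strip() for s in body.split("=", 1)[1].split(",")}
        unknown = servers - KNOWN_RESOLVERS
        if unknown:
            return (code, "high", f"DNS servers not on the expected list: {sorted(unknown)}")
        return None
    if code not in PERSISTENCE_CODES:
        return None
    if "(file missing)" in body:
        return (code, "high", "orphaned entry: registered file is gone, remove the entry")
    if code in ("O20", "O21") and not path:
        return (code, "high", "Winlogon/SSODL DLL given by bare name, resolved via search path")
    if re.match(r"[a-z]:\\windows\\", path):
        # Binaries under the Windows folder need a different check (age,
        # signature, hash) that this example does not attempt.
        return None
    top = re.match(r"[a-z]:\\([^\\]+)\\", path)
    if top and top.group(1) not in ("program files", "documents and settings"):
        return (code, "high", f"runs from an unusual top-level folder: {top.group(1)}")
    if code == "O23" and "Unknown owner" in body:
        return (code, "review", "service binary reports no company name")
    vendor = vendor_dir(path)
    if vendor and vendor not in KNOWN_VENDOR_DIRS:
        return (code, "review", f"unrecognised Program Files vendor folder: {vendor}")
    return None


def triage(log_text: str):
    """Flag every line worth attention; returns (code, severity, reason, line) tuples."""
    out = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            out.append(hit + (line.strip(),))
    return out


if __name__ == "__main__":
    for code, sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {code}: {reason}\n         {line}")
```

On the sample, the four entries the helper targeted (jkkKeeba, hfkan\msgsys.dll, the Viewpoint service and the C:\aidualc3 Run entry) come out flagged while the Adobe, SUPERAntiSpyware and Lavasoft entries and the OpenDNS resolvers do not; the "review" tier is there because an unknown vendor folder or a service with no company name is a question, not a verdict.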


#8 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts

Posted 01 July 2008 - 11:18 PM

I have done as you requested. This is the OTMoveIt file. I am currently scanning with Malwarebytes, but I'm posting this now because I saw you responded to my post a few minutes ago and I did not want to lose you. I will post the other logs later when it is done.
Explorer killed successfully
C:\WINDOWS\system32\otgzqfuf.exe moved successfully.
C:\WINDOWS\system32\grelodov.exe moved successfully.
C:\WINDOWS\system32\fstyvkje.exe moved successfully.
File/Folder C:\WINDOWS\TEMP\UiComApp.dll not found.
File/Folder C:\WINDOWS\system32\efcASjkK.dll not found.
File/Folder C:\WINDOWS\system32\zczchcly.exe not found.
File/Folder C:\WINDOWS\system32\pmnmzgtq.exe not found.
File/Folder C:\WINDOWS\system32\ibkhehmx.exe not found.
File/Folder C:\WINDOWS\system32\upnpsvc.exe not found.
File/Folder J:\Autorun.exe not found.
< C:\Program Files\Common Files\W?nSxS >
File/Folder C:\Program Files\Common Files\W?nSxS not found.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
C:\Program Files\Viewpoint\Common moved successfully.
C:\Program Files\Viewpoint moved successfully.
C:\Documents and Settings\All Users\Application Data\dscdb moved successfully.
C:\Documents and Settings\All Users\Application Data\actsyscmd moved successfully.
C:\Program Files\hfkan moved successfully.
C:\Documents and Settings\All Users\Application Data\apienact moved successfully.
C:\Documents and Settings\All Users\Application Data\chkcomsh moved successfully.
C:\Documents and Settings\All Users\Application Data\utilweb moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pzcdpkzh >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pzcdpkzh\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkldxkbe >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkldxkbe\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpuwblgd >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpuwblgd\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xuqhdski >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xuqhdski\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UPNP >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UPNP\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0cc7b9ed-9566-c5bc-89dd-02791aa1a9ac}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f32aad1-d096-6ca3-52aa-0193a6d98d71} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f32aad1-d096-6ca3-52aa-0193a6d98d71}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{217af9d5-f0d2-f65b-7310-0a00c26e0a38} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{217af9d5-f0d2-f65b-7310-0a00c26e0a38}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e318ed4-977b-2c72-d4a5-07d2dcd34b0e} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e318ed4-977b-2c72-d4a5-07d2dcd34b0e}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98913570-bd03-4c98-bfc5-7eccef1e0f94} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98913570-bd03-4c98-bfc5-7eccef1e0f94}\\ deleted successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_001410
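
Reading an OTMoveIt2 log by eye is error-prone: "moved successfully", "not found" and "deleted successfully" lines are interleaved, folders produce one line per subfolder, and an item that yields no line at all is easy to miss (the two mountpoints2 keys from the request list above, for instance, have no corresponding line in this log). The Python script below is an added example, not OTMoveIt2's own code and not something the helper asked for: it reconciles a request list against the log it produced so that every requested item ends up with an explicit status, and anything that was neither moved nor deleted is listed for the next pass. The request and log fragments are subsets of the ones posted in this thread; treating `purity` and `EmptyTemp` as commands rather than paths is the example's own assumption.

```python
"""Reconcile an OTMoveIt2 request list with the log it produced.

Added example for this thread, not OTMoveIt2's own code.  It answers, for
every requested item: moved, deleted, already absent, or no result at all."""
import re

# Constructed sample: a subset of the request list and log posted in this thread.
REQUEST = r"""
[kill explorer]
C:\WINDOWS\system32\otgzqfuf.exe
C:\WINDOWS\system32\efcASjkK.dll
J:\Autorun.exe
C:\Program Files\Common Files\W?nSxS
C:\Program Files\hfkan
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}
purity
EmptyTemp
[start explorer]
"""

LOG = r"""
Explorer killed successfully
C:\WINDOWS\system32\otgzqfuf.exe moved successfully.
File/Folder C:\WINDOWS\system32\efcASjkK.dll not found.
File/Folder J:\Autorun.exe not found.
< C:\Program Files\Common Files\W?nSxS >
File/Folder C:\Program Files\Common Files\W?nSxS not found.
C:\Program Files\hfkan moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKeeba\\ deleted successfully.
< purity >
Explorer started successfully
"""

# Result line shapes as they appear in the log above.
RESULT_PATTERNS = [
    ("moved", re.compile(r"^(.*) moved successfully\.$")),
    ("not_found", re.compile(r"^File/Folder (.*) not found\.$")),
    ("deleted", re.compile(r"^Registry key (.*?)\\\\ deleted successfully\.$")),
]
# Assumption: these list entries are OTMoveIt2 commands, not paths to match.
COMMANDS = {"purity", "emptytemp"}


def norm(item: str) -> str:
    """Case-insensitive key with trailing backslashes dropped."""
    return item.strip().rstrip("\\").lower()


def parse_requests(text: str):
    """Requested paths and registry keys, skipping [directives] and commands."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[") or line.lower() in COMMANDS:
            continue
        items.append(line)
    return items


def parse_log(text: str):
    """Map each item mentioned in a result line to its status."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        for status, pat in RESULT_PATTERNS:
            m = pat.match(line)
            if m:
                results[norm(m.group(1))] = status
                break
    return results


def reconcile(request_text: str, log_text: str):
    """Status for every requested item; items absent from the log get 'no result line'."""
    results = parse_log(log_text)
    return {item: results.get(norm(item), "no result line")
            for item in parse_requests(request_text)}


def outstanding(report):
    """Requested items that are not confirmed removed and need a second look."""
    return [item for item, status in report.items() if status not in ("moved", "deleted")]


if __name__ == "__main__":
    report = reconcile(REQUEST, LOG)
    for item, status in report.items():
        print(f"{status:15} {item}")
    print("\nstill outstanding:", *outstanding(report), sep="\n  ")
```

"not_found" is not the same as "clean": it only means the path did not exist at that moment, which is expected when an earlier tool already removed it, but a "?" in a requested path (the W?nSxS folder) shows the list itself carried a character the tool could not match, and a key with no result line at all was never acted on.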

#9 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts

Posted 01 July 2008 - 11:58 PM

This is for Malwarebytes log.

Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 5.1.2600 Service Pack 2

12:57:09 AM 7/2/2008
mbam-log-7-2-2008 (00-57-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 146538
Time elapsed: 38 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Batco (Adware.Batco) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTMP (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Alwil Software\Avast4\DATA\moved\glkhys.exe (Proxy.Ranky) -> Quarantined and deleted successfully.
C:\Program Files\Batco\bat.dll (Adware.Batco) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ntpl.bin.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nvrsma.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP39\A0011241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP39\A0020225.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP39\A0026453.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP39\A0026454.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP46\A0026825.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP46\A0026826.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP46\A0026827.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP79\A0033775.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP79\A0033776.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP79\A0033777.exe (Trojan.FakeAler) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP79\A0033779.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP79\A0033780.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP89\A0037041.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07022008_001410\WINDOWS\system32\fstyvkje.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07022008_001410\WINDOWS\system32\grelodov.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\07022008_001410\WINDOWS\system32\otgzqfuf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

#10 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts

Posted 02 July 2008 - 12:09 AM

Here is the DSS log.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-02 01:02:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2008-07-02 05:02:36 UTC - RP97 - Deckard's System Scanner Restore Point
96: 2008-07-01 18:19:09 UTC - RP96 - ComboFix created restore point
95: 2008-07-01 04:15:41 UTC - RP95 - Installed AVG 8.0
94: 2008-07-01 04:14:17 UTC - RP94 - Removed AVG 8.0
93: 2008-07-01 04:00:05 UTC - RP93 - Restore Operation


-- First Restore Point --
1: 2008-05-25 17:37:35 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:49 AM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Owner\Desktop\New Folder\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViOrb] C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Checkers - http://origin.games.yahoo.net/games/clients/y/kt4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung....can8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {89A9F739-8F34-40E1-BCD3-62BABEAD3C6F} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: msgsys - {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 9204 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 SSFS0BB9 (Spy Sweeper File System Filer Driver: 0BB9) - c:\windows\system32\drivers\ssfs0bb9.sys (file missing)
S0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys (file missing)
S0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys (file missing)
S3 nocashio - c:\windows\system32\drivers\nocashio.sys
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
S4 WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "c:\program files\webroot\spy sweeper\spysweeper.exe" (file missing)
S4 wwEngineSvc (Window Washer Engine) - c:\program files\webroot\washer\washersvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-02 01:05:00 418 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{48FE07AC-F546-4FF3-B37D-DEC3FBAC83D7}.job
2008-06-27 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-02 00:16:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-02 00:16:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 00:16:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 21:58:49 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-01 21:58:48 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-07-01 21:57:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-07-01 21:57:14 0 d-------- C:\Program Files\Skype
2008-07-01 21:57:14 0 d-------- C:\Program Files\Common Files\Skype
2008-07-01 20:35:59 0 d-------- C:\Program Files\CDisplay
2008-06-30 23:28:03 9060352 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-06-30 23:16:41 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-06-30 23:16:25 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-30 21:57:45 0 d-------- C:\cmdcons
2008-06-30 21:55:47 68096 --a------ C:\WINDOWS\zip.exe
2008-06-30 21:55:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-30 21:55:46 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-30 21:55:46 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-30 21:55:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-30 21:55:46 98816 --a------ C:\WINDOWS\sed.exe
2008-06-30 21:55:46 80412 --a------ C:\WINDOWS\grep.exe
2008-06-30 21:55:46 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-30 00:04:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 16:31:51 0 d-------- C:\Program Files\a-squared Free
2008-06-24 14:43:43 0 d-------- C:\Program Files\Trend Micro
2008-06-23 22:32:15 0 d-------- C:\Program Files\Lavasoft
2008-06-23 22:32:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 16:16:13 0 d-------- C:\Documents and Settings\Owner\Application Data\ViStart
2008-06-21 16:16:12 0 d-------- C:\Program Files\ViStart
2008-06-21 15:38:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Real Desktop
2008-06-21 13:53:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Consultia
2008-06-21 00:41:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Thinking Minds Budiling Bytes
2008-06-20 13:34:38 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-20 13:34:38 35382 --a------ C:\WINDOWS\scunin.dat
2008-06-20 13:34:37 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-17 19:18:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Styler
2008-06-17 11:58:11 0 d-------- C:\Program Files\VistaExperience.org
2008-06-17 11:57:07 0 d-------- C:\Program Files\Windows Sidebar
2008-06-17 11:56:24 0 d-------- C:\Program Files\Alky for Applications
2008-06-17 11:55:38 0 d-------- C:\WINDOWS\l2schemas
2008-06-17 11:53:56 0 d-------- C:\Program Files\Styler
2008-06-17 11:11:10 0 d-------- C:\Program Files\Shock Utility
2008-06-15 13:33:27 0 d-------- C:\Program Files\Roxio
2008-06-13 11:15:59 0 d--hs---- C:\Documents and Settings\Owner\Recent
2008-06-09 10:17:15 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-09 10:14:15 0 d-------- C:\Program Files\Microsoft Games
2008-06-08 23:04:25 0 d-------- C:\Program Files\SopCast
2008-06-07 16:59:06 0 d-------- C:\Program Files\mIRC
2008-06-07 16:59:06 0 d-------- C:\Documents and Settings\Owner\Application Data\mIRC
2008-06-07 13:32:02 0 d-------- C:\Program Files\AVI MPEG RM WMV Splitter
2008-06-07 13:27:51 0 d-------- C:\Program Files\avisplit
2008-06-07 13:15:22 0 d-------- C:\Program Files\AC3Filter
2008-06-07 12:37:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-07 12:36:53 0 d-------- C:\Program Files\Common Files\Roxio Shared


-- Find3M Report ---------------------------------------------------------------

2008-07-02 00:28:13 0 d-------- C:\Program Files\Starcraft
2008-07-01 22:41:52 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-01 21:57:14 0 d-------- C:\Program Files\Common Files
2008-06-30 21:55:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-30 21:48:27 0 d-------- C:\Program Files\Windows NT
2008-06-30 21:48:25 0 d-------- C:\Program Files\Movie Maker
2008-06-23 22:31:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 11:45:35 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-15 00:38:26 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-09 23:01:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Log
2008-06-09 22:58:51 0 d-------- C:\Documents and Settings\Owner\Application Data\VimViewer
2008-06-09 22:58:17 0 d-------- C:\Documents and Settings\Owner\Application Data\VimCaster
2008-06-07 13:06:45 0 d-------- C:\Program Files\DivX
2008-06-07 12:38:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-06-06 13:51:53 668 --a------ C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
2008-06-06 13:51:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2008-06-01 22:21:20 0 d-------- C:\Program Files\Videopot
2008-06-01 22:13:24 0 d-------- C:\Program Files\DAUM
2008-06-01 22:00:34 0 d-------- C:\Program Files\PANDORA.TV
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 19:05:47 0 d-------- C:\Program Files\Opera
2008-05-27 18:12:54 2190 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-27 17:48:05 34 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2008-05-27 17:48:00 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 17:48:00 1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2008-05-27 17:48:00 7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2008-05-27 17:47:49 0 d-------- C:\Program Files\VSO
2008-05-27 17:24:14 0 d-------- C:\Program Files\DVD Shrink
2008-05-26 13:44:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-26 08:34:31 0 d-------- C:\Program Files\LogMeIn
2008-05-25 13:37:04 0 d-------- C:\Program Files\Nero
2008-05-25 11:12:35 0 d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2008-05-23 21:50:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-22 21:13:55 0 d-------- C:\Program Files\NBX Audio Converter
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 21:40:35 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-18 21:40:35 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-18 14:44:14 0 d-------- C:\Program Files\Common Files\NSV
2008-05-15 23:22:45 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-12 17:47:02 0 d-------- C:\Program Files\RK Launcher
2008-05-12 17:42:26 0 d-------- C:\Program Files\SlySoft
2008-05-10 23:27:43 0 d-------- C:\Program Files\Messenger
2008-05-10 23:23:58 0 d-------- C:\Program Files\QuickTime
2008-05-10 23:08:44 0 d-------- C:\Program Files\RocketDock
2008-05-09 16:16:07 0 -r-hs---- C:\config.sys
2008-05-08 20:48:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-08 19:46:06 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-07 20:51:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Obsidium
2008-05-07 20:50:24 0 d-------- C:\Program Files\NetIntellGames
2008-05-07 20:32:21 0 d-------- C:\Documents and Settings\Owner\Application Data\HTML Executable
2008-05-06 18:59:10 0 d-------- C:\Program Files\MagicDisc
2008-05-06 06:10:33 0 d-------- C:\Program Files\Alex Feinman
2008-05-05 21:20:55 0 d-------- C:\Program Files\UltraISO
2008-05-05 21:20:49 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-05-05 21:16:39 0 d-------- C:\Program Files\MagicISO
2008-05-03 23:27:00 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-05-03 23:26:16 0 d-------- C:\Program Files\iTunes
2008-05-03 23:25:58 0 d-------- C:\Program Files\iPod
2008-05-03 23:25:22 0 d-------- C:\Program Files\Bonjour
2008-05-03 23:22:51 0 d-------- C:\Program Files\Apple Software Update
2008-05-03 23:21:59 0 d-------- C:\Program Files\Common Files\Apple
2008-05-03 20:15:56 0 d-------- C:\Program Files\Free Online FLV Converter
2008-04-27 08:56:57 827 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2008-04-19 21:35:17 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-10 21:54:34 1714 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 06:55 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"c0.exe"="C:\aidualc3\c0.exe" [07/29/2007 03:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/01/2008 01:48 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM]
"ViOrb"="C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe" []
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [12/02/2007 09:58 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgsys"= {0ED0D41C-290D-B8D0-F2B9-028BD8958A7A} - C:\Program Files\hfkan\msgsys.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 08/25/2003 11:25 AM 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Konfabulator.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Konfabulator.lnk
backup=C:\WINDOWS\pss\Konfabulator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CubeDesktop]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlmMgr]
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1130177598\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyTray.exe]
C:\Program Files\HotkeyHelper\HotkeyTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Isso Reloader]
C:\WINDOWS\resources\ISSO\Tools\sysfupw.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
"C:\Program Files\LClock\lclock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mojo]
C:\Program Files\MojoSidekick\mojo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"C:\Program Files\PowerISO\PWRISOVM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
"C:\Program Files\Real Desktop\Real Desktop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shock4Way3D]
C:\Program Files\Shock Utility\Shock4Way3D\Shock4Way3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
C:\WINDOWS\Resources\ISSO\Software\VIPhd\vsdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
"C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"C:\Program Files\Webroot\Washer\wwDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
C:\Documents and Settings\Owner\Desktop\s\Yodm3D\Yodm3D\Yodm3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"WinDefend"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c80c74e6-b00e-11dc-aff1-0013204862d4}]
AutoRun\command- J:\Autorun.exe /run
Shell00\Command- J:\Autorun.exe /run
Shell01\Command- J:\Autorun.exe /action
Shell02\Command- J:\Autorun.exe /uninstall


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"C:\Program Files\Windows Sidebar\sidebar.exe /RegServer"



-- End of Deckard's System Scanner: finished at 2008-07-02 01:06:41 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.80GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1262.73 MiB / 752.12 MiB
Pagefile Memory (total/avail): 5213.66 MiB / 4744.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.14 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.36 GiB total, 11.07 GiB free.
D: is Fixed (FAT32) - 3.16 GiB total, 1.13 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is CDROM (No Media)
H: is Removable (FAT)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 71.36 GiB - C:
\PARTITION1 - Unknown - 3.16 GiB - D:

\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 478.5 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 483.7 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallOverride is set.

AV: avast! antivirus 4.8.1201 [VPS 080701-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\NetIntellGames\\Net Chess 6\\chess.exe"="C:\\Program Files\\NetIntellGames\\Net Chess 6\\chess.exe:*:Enabled:Net Chess"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\PANDORA.TV\\Live\\Live.exe"="C:\\Program Files\\PANDORA.TV\\Live\\Live.exe:*:Enabled:Live.exe"
"C:\\Program Files\\PANDORA.TV\\Live\\PANDORATVLive.exe"="C:\\Program Files\\PANDORA.TV\\Live\\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe"
"C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\LiveRelay.exe"="C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\LiveRelay.exe:*:Enabled:C:\\Program Files\\Pandora.TV\\Live\\Viewer\\LiveRelay.exe"
"C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\VimViewer.dll"="C:\\Program Files\\PANDORA.TV\\Live\\Viewer\\VimViewer.dll:*:Enabled:C:\\Program Files\\Pandora.TV\\Live\\Viewer\\VimViewer.dll"
"C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe"="C:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe:*:Enabled:VideoPot"
"C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe"="C:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe:*:Enabled:Daum ?????"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALKY=C:\Program Files\Alky for Applications\Libraries\
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KHAIRUL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\KHAIRUL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Alky for Applications\Libraries
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
USERDOMAIN=KHAIRUL
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
LogMeInRemoteUser (admin)
LogMeInRemoteUser.YOUR-E358B65523 (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIMTunes --> C:\Program Files\AIMTunes\Uninstall.exe
Alky for Applications (Windows XP) --> MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVI DivX to DVD SVCD VCD Converter 2.2.2 --> "C:\Program Files\AVI DivX to DVD SVCD VCD Converter\unins000.exe"
AVI Splitter --> "C:\Program Files\avisplit\unins000.exe"
AVI/MPEG/RM/WMV Splitter 4.28 --> "C:\Program Files\AVI MPEG RM WMV Splitter\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Camtasia Studio 5 --> MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
ConvertXtoDVD 3.0.0.1 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
CubeDesktop --> "C:\Program Files\CubeDesktop\Uninstall.exe"
Daum PotPlayer --> "C:\Program Files\DAUM\PotPlayer\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
FoxyTunes for Firefox --> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Online FLV Converter --> "C:\Program Files\Free Online FLV Converter\unins000.exe"
Gadget Installer --> MsiExec.exe /I{3F3733A5-8322-454D-A638-3B74E1C83752}
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iColorFolder --> C:\WINDOWS\resources\ISSO\Software\iColorFolder\uninstall.exe
ISO Recorder --> MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
Isso Pack 4.4 --> C:\WINDOWS\resources\ISSO\Uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
NBX Audio Converter v2 --> "C:\Program Files\NBX Audio Converter\unins000.exe"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Net Chess 6 --> C:\Program Files\NetIntellGames\Net Chess 6\uninstall.exe
ObjectDock Plus --> C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
Opera 9.27 --> MsiExec.exe /X{04DB4871-BC1D-44BF-AADB-47326365EB8C}
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
PANDORATV LIVE --> "C:\Program Files\PANDORA.TV\Live\unins000.exe"
PE Builder 3.1.10a --> "c:\pebuilder3110a\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RK Launcher 0.41 Leopard --> C:\Program Files\RK Launcher\uninstall.exe
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
Roxio DVDit Pro HD --> MsiExec.exe /I{353073E8-1185-4823-8F3A-A1F4AF6DD2CD}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shock 4Way 3D v1.21 --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Shock Utility\Shock4Way3D\IFU11F.inf
Shock 4Way 3D v1.25 --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Shock Utility\Shock4Way3D\IFU15E.inf
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SopCast 3.0.3 --> C:\Program Files\SopCast\uninst.exe
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Stardock Central --> C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Styler --> MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Ubuntu --> C:\ubuntu\Uninstall-Ubuntu.exe
UltraISO Premium V9.0 --> "C:\Program Files\UltraISO\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Window Washer --> C:\WINDOWS\Unwash6.exe
XVid;-) --> C:\Program Files\XVid;-)\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type22239 / Error
Event Submitted/Written: 06/30/2008 09:49:34 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-07-01 01:49:34,484 KHAIRUL [000484:001176] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(1508) call failed with WIN32 error 87, returning session id is 0

Event Record #/Type22216 / Error
Event Submitted/Written: 06/30/2008 00:06:29 AM
Event ID/Source: 11401 / MsiInstaller
Event Description:
Product: Skype™ 3.8 -- Error 1401. Could not create key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress. System error 1019. Verify that you have sufficient access to that key, or contact your support personnel.

Event Record #/Type22215 / Error
Event Submitted/Written: 06/30/2008 00:04:13 AM
Event ID/Source: 11401 / MsiInstaller
Event Description:
Product: Skype™ 3.8 -- Error 1401. Could not create key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress. System error 1019. Verify that you have sufficient access to that key, or contact your support personnel.

Event Record #/Type22208 / Warning
Event Submitted/Written: 06/29/2008 04:32:48 PM
Event ID/Source: 0 / COM+ SOAP Services
Event Description:
Removal of an assembly from the global assembly cache failed: C:\WINDOWS\TEMP\TEMP_QTAddressBar\Interop.SHDocVw.dll Interop.SHDocVw,Version=1.1.0.0

Event Record #/Type22207 / Warning
Event Submitted/Written: 06/29/2008 04:32:48 PM
Event ID/Source: 0 / COM+ SOAP Services
Event Description:
Removal of an assembly from the global assembly cache failed: C:\WINDOWS\TEMP\TEMP_QTAddressBar\QTAddressBar.dll QTAddressBar,Version=1.0.0.0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type586 / Error
Event Submitted/Written: 07/02/2008 01:01:29 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%2

Event Record #/Type582 / Warning
Event Submitted/Written: 07/02/2008 00:28:12 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type527 / Error
Event Submitted/Written: 07/01/2008 02:50:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%2

Event Record #/Type526 / Error
Event Submitted/Written: 07/01/2008 02:50:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%2

Event Record #/Type519 / Error
Event Submitted/Written: 07/01/2008 02:19:35 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-07-02 01:06:41 ------------

#11 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts

Posted 02 July 2008 - 12:12 AM

I would like to thank you for all your help and dedication that you have provided. My computer runs well and there is no redirecting of search results. But I would like you to double check everything to see if anything is wrong. If everything seems fine, should I turn off then turn on System Restore, because I have read other posts and that's what they did.

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 02 July 2008 - 04:54 AM

I would like to thank you for all your help and dedication that you have provided. My computer runs well and there is no redirecting search results. But I would like you to double check everything to see if anything is wrong. If everything seems fine should I turn off then turn on system restore cause I have read other posts and thats what they did.



Nope.. Don't disable System Restore.. If anything bad happens to your computer, at very least, you can restore your machine to an earlier date.. Imagine if you have no restore point at all.. ;)



A little bit more..


Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\Desktop\New Folder\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.


NEXT


Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c80c74e6-b00e-11dc-aff1-0013204862d4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\msgsys
    J:\Autorun.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please post OTMoveIt2 log along with a fresh Deckard System Scanner log in your next reply.. Post each log in separate post..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

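The DAFT and OTMoveIt2 steps in the reply above each touch a specific persistence location: executable file associations, the ShellServiceObjectDelayLoad (SSODL) list that explorer.exe loads at logon, the per-volume MountPoints2 cache that holds autorun.inf verbs, and (via the O17 lines in the HijackThis logs) the per-interface DNS servers that decide where a "search result" actually goes. The script below is an added, read-only audit of those same locations; it is not a BleepingComputer or OldTimer tool and is not part of the thread. It assumes Windows PowerShell with read access to HKLM and HKCU; the SSODL baseline (Windows XP SP2 defaults) and the expected DNS list (the two OpenDNS resolvers shown in the thread's O17 lines) are assumptions to adjust per host.

```powershell
# Read-only audit of the locations the DAFT and OTMoveIt2 steps act on.
# Added example for this thread, not a tool from the thread. Assumes Windows
# PowerShell with read access to HKLM/HKCU. The baseline lists are assumptions
# (Windows XP SP2 defaults); nothing is modified, findings are only reported.

$findings = New-Object System.Collections.Generic.List[string]

function Get-Default($path) {
    # Default (unnamed) value of a registry key, or $null if key/value is absent
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    return (Get-ItemProperty -LiteralPath $path).'(default)'
}

# 1. Executable file associations (what DAFT repairs). A hijacked handler such
#    as  C:\x\y.exe "%1" %*  runs y.exe before every program the user starts.
#    HKCU\Software\Classes overrides HKLM, so both hives are checked.
$assocExpected = '"%1" %*'
foreach ($ext in '.exe', '.com', '.bat', '.cmd', '.pif') {
    foreach ($hive in 'HKCU:\Software\Classes', 'HKLM:\SOFTWARE\Classes') {
        $progId = Get-Default "$hive\$ext"
        if (-not $progId) { continue }
        $cmd = Get-Default "$hive\$progId\shell\open\command"
        if ($cmd -and $cmd -ne $assocExpected) {
            $findings.Add("ASSOC  $hive\$ext -> $progId : $cmd")
        }
    }
}

# 2. ShellServiceObjectDelayLoad: CLSIDs explorer.exe loads at logon. Any name
#    outside the stock XP SP2 set (assumed baseline; "msgsys" above was not in
#    it) is resolved to the DLL its CLSID points at so it can be reviewed.
$ssodlBaseline = 'WebCheck', 'PostBootReminder', 'CDBurn', 'SysTray', 'UPnPMonitor'
$ssodlPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
if (Test-Path -LiteralPath $ssodlPath) {
    $props = (Get-ItemProperty -LiteralPath $ssodlPath).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }
    foreach ($p in $props) {
        if ($ssodlBaseline -notcontains $p.Name) {
            $dll = Get-Default "HKLM:\SOFTWARE\Classes\CLSID\$($p.Value)\InprocServer32"
            $findings.Add("SSODL  $($p.Name) = $($p.Value) -> $dll")
        }
    }
}

# 3. MountPoints2: per-volume shell verbs cached from autorun.inf. A cached
#    AutoRun/open command (the J:\Autorun.exe entry listed above is that kind
#    of target) runs when the drive icon is double-clicked, even later.
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path -LiteralPath $mp2) {
    foreach ($vol in Get-ChildItem -LiteralPath $mp2) {
        foreach ($verb in 'AutoRun', 'open', 'explore') {
            $cmd = Get-Default "$($vol.PSPath)\Shell\$verb\command"
            if ($cmd) { $findings.Add("MP2    $($vol.PSChildName) [$verb] $cmd") }
        }
    }
}

# 4. Per-interface DNS servers (HijackThis O17). A rogue resolver redirects
#    every lookup, which looks exactly like "search results go elsewhere".
#    Expected list is an assumption: the two OpenDNS addresses from the thread.
$dnsExpected = '208.67.222.222', '208.67.220.220'
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($if in Get-ChildItem -LiteralPath $ifRoot) {
    $ns = (Get-ItemProperty -LiteralPath $if.PSPath).NameServer
    if (-not $ns) { continue }
    foreach ($server in ($ns -split '[ ,]+' | Where-Object { $_ })) {
        if ($dnsExpected -notcontains $server) {
            $findings.Add("DNS    $($if.PSChildName) NameServer=$server")
        }
    }
}

if ($findings.Count -eq 0) {
    'No findings: associations, SSODL, MountPoints2 and DNS servers look stock.'
} else {
    $findings
}
```

Run it from an elevated PowerShell prompt and read every reported line before deleting anything: a non-baseline SSODL name or a MountPoints2 verb is evidence to investigate (resolve the DLL or command path, check its signer and timestamp), not an automatic removal, which is why the script reports instead of fixing. The DNS check is the one most worth re-running after a cleanup, since a resolver change survives removal of the program that made it.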

#13 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts

Posted 02 July 2008 - 11:08 AM

OTMoveIt log
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c80c74e6-b00e-11dc-aff1-0013204862d4} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c80c74e6-b00e-11dc-aff1-0013204862d4}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\msgsys >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\msgsys deleted successfully.
File/Folder J:\Autorun.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_120637

#14 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts

Posted 02 July 2008 - 11:10 AM

DSS log, so does everything seem OK?
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-02 12:09:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:12 PM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Owner\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViOrb] C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Checkers - http://origin.games.yahoo.net/games/clients/y/kt4_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung....can8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {89A9F739-8F34-40E1-BCD3-62BABEAD3C6F} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2458BFCA-0677-4539-B63A-551423F3A367}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 9093 bytes

-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-02 00:16:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-02 00:16:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 00:16:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 21:58:49 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-01 21:58:48 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-07-01 21:57:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-07-01 21:57:14 0 d-------- C:\Program Files\Skype
2008-07-01 21:57:14 0 d-------- C:\Program Files\Common Files\Skype
2008-07-01 20:35:59 0 d-------- C:\Program Files\CDisplay
2008-06-30 23:28:03 9060352 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-06-30 23:16:41 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-06-30 23:16:25 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-30 21:57:45 0 d-------- C:\cmdcons
2008-06-30 21:55:47 68096 --a------ C:\WINDOWS\zip.exe
2008-06-30 21:55:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-30 21:55:46 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-30 21:55:46 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-30 21:55:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-30 21:55:46 98816 --a------ C:\WINDOWS\sed.exe
2008-06-30 21:55:46 80412 --a------ C:\WINDOWS\grep.exe
2008-06-30 21:55:46 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-30 00:04:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 16:31:51 0 d-------- C:\Program Files\a-squared Free
2008-06-24 14:43:43 0 d-------- C:\Program Files\Trend Micro
2008-06-23 22:32:15 0 d-------- C:\Program Files\Lavasoft
2008-06-23 22:32:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 16:16:13 0 d-------- C:\Documents and Settings\Owner\Application Data\ViStart
2008-06-21 16:16:12 0 d-------- C:\Program Files\ViStart
2008-06-21 15:38:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Real Desktop
2008-06-21 13:53:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Consultia
2008-06-21 00:41:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Thinking Minds Budiling Bytes
2008-06-20 13:34:38 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-20 13:34:38 35382 --a------ C:\WINDOWS\scunin.dat
2008-06-20 13:34:37 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-17 19:18:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Styler
2008-06-17 11:58:11 0 d-------- C:\Program Files\VistaExperience.org
2008-06-17 11:57:07 0 d-------- C:\Program Files\Windows Sidebar
2008-06-17 11:56:24 0 d-------- C:\Program Files\Alky for Applications
2008-06-17 11:55:38 0 d-------- C:\WINDOWS\l2schemas
2008-06-17 11:53:56 0 d-------- C:\Program Files\Styler
2008-06-17 11:11:10 0 d-------- C:\Program Files\Shock Utility
2008-06-15 13:33:27 0 d-------- C:\Program Files\Roxio
2008-06-13 11:15:59 0 d--hs---- C:\Documents and Settings\Owner\Recent
2008-06-09 10:17:15 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-09 10:14:15 0 d-------- C:\Program Files\Microsoft Games
2008-06-08 23:04:25 0 d-------- C:\Program Files\SopCast
2008-06-07 16:59:06 0 d-------- C:\Program Files\mIRC
2008-06-07 16:59:06 0 d-------- C:\Documents and Settings\Owner\Application Data\mIRC
2008-06-07 13:32:02 0 d-------- C:\Program Files\AVI MPEG RM WMV Splitter
2008-06-07 13:27:51 0 d-------- C:\Program Files\avisplit
2008-06-07 13:15:22 0 d-------- C:\Program Files\AC3Filter
2008-06-07 12:37:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-07 12:36:53 0 d-------- C:\Program Files\Common Files\Roxio Shared


-- Find3M Report ---------------------------------------------------------------

2008-07-02 02:24:28 0 d-------- C:\Program Files\Starcraft
2008-07-01 22:41:52 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-01 21:57:14 0 d-------- C:\Program Files\Common Files
2008-06-30 21:55:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-30 21:48:27 0 d-------- C:\Program Files\Windows NT
2008-06-30 21:48:25 0 d-------- C:\Program Files\Movie Maker
2008-06-23 22:31:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 11:45:35 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-15 00:38:26 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-09 23:01:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Log
2008-06-09 22:58:51 0 d-------- C:\Documents and Settings\Owner\Application Data\VimViewer
2008-06-09 22:58:17 0 d-------- C:\Documents and Settings\Owner\Application Data\VimCaster
2008-06-07 13:06:45 0 d-------- C:\Program Files\DivX
2008-06-07 12:38:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-06-06 13:51:53 668 --a------ C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
2008-06-06 13:51:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2008-06-01 22:21:20 0 d-------- C:\Program Files\Videopot
2008-06-01 22:13:24 0 d-------- C:\Program Files\DAUM
2008-06-01 22:00:34 0 d-------- C:\Program Files\PANDORA.TV
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 19:05:47 0 d-------- C:\Program Files\Opera
2008-05-27 18:12:54 2190 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-27 17:48:05 34 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2008-05-27 17:48:00 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-05-27 17:48:00 1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2008-05-27 17:48:00 7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2008-05-27 17:47:49 0 d-------- C:\Program Files\VSO
2008-05-27 17:24:14 0 d-------- C:\Program Files\DVD Shrink
2008-05-26 13:44:01 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-26 08:34:31 0 d-------- C:\Program Files\LogMeIn
2008-05-25 13:37:04 0 d-------- C:\Program Files\Nero
2008-05-25 11:12:35 0 d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2008-05-23 21:50:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-22 21:13:55 0 d-------- C:\Program Files\NBX Audio Converter
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 21:40:35 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-18 21:40:35 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-18 14:44:14 0 d-------- C:\Program Files\Common Files\NSV
2008-05-15 23:22:45 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-12 17:47:02 0 d-------- C:\Program Files\RK Launcher
2008-05-12 17:42:26 0 d-------- C:\Program Files\SlySoft
2008-05-10 23:27:43 0 d-------- C:\Program Files\Messenger
2008-05-10 23:23:58 0 d-------- C:\Program Files\QuickTime
2008-05-10 23:08:44 0 d-------- C:\Program Files\RocketDock
2008-05-09 16:16:07 0 -r-hs---- C:\config.sys
2008-05-08 20:48:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-08 19:46:06 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-07 20:51:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Obsidium
2008-05-07 20:50:24 0 d-------- C:\Program Files\NetIntellGames
2008-05-07 20:32:21 0 d-------- C:\Documents and Settings\Owner\Application Data\HTML Executable
2008-05-06 18:59:10 0 d-------- C:\Program Files\MagicDisc
2008-05-06 06:10:33 0 d-------- C:\Program Files\Alex Feinman
2008-05-05 21:20:55 0 d-------- C:\Program Files\UltraISO
2008-05-05 21:20:49 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-05-05 21:16:39 0 d-------- C:\Program Files\MagicISO
2008-05-03 23:27:00 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-05-03 23:26:16 0 d-------- C:\Program Files\iTunes
2008-05-03 23:25:58 0 d-------- C:\Program Files\iPod
2008-05-03 23:25:22 0 d-------- C:\Program Files\Bonjour
2008-05-03 23:22:51 0 d-------- C:\Program Files\Apple Software Update
2008-05-03 23:21:59 0 d-------- C:\Program Files\Common Files\Apple
2008-05-03 20:15:56 0 d-------- C:\Program Files\Free Online FLV Converter
2008-04-27 08:56:57 827 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2008-04-19 21:35:17 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-10 21:54:34 1714 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 06:55 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"c0.exe"="C:\aidualc3\c0.exe" [07/29/2007 03:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/01/2008 01:48 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM]
"ViOrb"="C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe" []
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [12/02/2007 09:58 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 08/25/2003 11:25 AM 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Konfabulator.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Konfabulator.lnk
backup=C:\WINDOWS\pss\Konfabulator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sakib^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\sakib\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CubeDesktop]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlmMgr]
"C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1130177598\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyTray.exe]
C:\Program Files\HotkeyHelper\HotkeyTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Isso Reloader]
C:\WINDOWS\resources\ISSO\Tools\sysfupw.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
"C:\Program Files\LClock\lclock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mojo]
C:\Program Files\MojoSidekick\mojo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"C:\Program Files\PowerISO\PWRISOVM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
"C:\Program Files\Real Desktop\Real Desktop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shock4Way3D]
C:\Program Files\Shock Utility\Shock4Way3D\Shock4Way3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
C:\WINDOWS\Resources\ISSO\Software\VIPhd\vsdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
"C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"C:\Program Files\Webroot\Washer\wwDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
C:\Documents and Settings\Owner\Desktop\s\Yodm3D\Yodm3D\Yodm3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"WinDefend"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"C:\Program Files\Windows Sidebar\sidebar.exe /RegServer"



-- End of Deckard's System Scanner: finished at 2008-07-02 12:09:53 ------------
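An added example, not part of the log above or of either poster's reply, and not code from Deckard's System Scanner: a small Python triage script for the "Registry Dump" format DSS produces. It parses the `Run` keys, the `msconfig\startupreg` entries and the `mountpoints2` AutoRun command from a constructed excerpt in the same format, then flags entries for a human to look at. The heuristics are assumptions of this example (a binary outside `C:\WINDOWS` / `Program Files`; a Run entry whose trailing timestamp bracket is empty, taken here to mean DSS could not find the file; any AutoRun command registered for a removable drive; `%WINDIR%` taken as `C:\WINDOWS`). A hit is a reason to inspect the file, not a verdict on it.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt in the format of the DSS registry dump above; the
# entries were picked so that each check below fires at least once.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 06:55 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"c0.exe"="C:\aidualc3\c0.exe" [07/29/2007 03:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM]
"ViOrb"="C:\WINDOWS\resources\Themes\ViOrb\ViOrb.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
C:\Documents and Settings\Owner\Desktop\s\Yodm3D\Yodm3D\Yodm3D.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="C:\path\prog.exe" [timestamp]   or   "Name"=C:\path\prog.exe
RUN_LINE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)(?:\s*\[(?P<stamp>[^\]]*)\])?$')
# First drive- or %VAR%-rooted executable in a command line, quoted or not.
PATH_RE = re.compile(
    r'^"?(?P<path>(?:[a-z]:|%[a-z]+%)\\.*?\.(?:exe|dll|scr|com|bat|cmd|pif))"?(?:\s|$)',
    re.IGNORECASE,
)
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+)$")

# Assumption: DSS leaves %WINDIR% unexpanded and this is a default XP install.
ENV = {"%windir%": "c:\\windows", "%systemroot%": "c:\\windows"}
# Assumption: installed software lives under these roots; a binary anywhere
# else (drive root, user profile, temp) deserves a manual look.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

Entry = Dict[str, Optional[str]]


def normalise(path: str) -> str:
    """Lower-case the path and expand the variables DSS leaves in place."""
    low = path.lower()
    for var, value in ENV.items():
        low = low.replace(var, value)
    return low


def parse_dump(text: str) -> List[Entry]:
    """Return one record per autostart entry found in the dump text."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        low = section.lower()
        if low.endswith("\\run"):
            m = RUN_LINE_RE.match(line)
            if m:
                entries.append({"section": section, "name": m.group("name"),
                                "cmd": m.group("cmd"), "stamp": m.group("stamp")})
        elif "\\msconfig\\startupreg\\" in low:
            # Disabled-by-msconfig items: the key name is the entry name.
            entries.append({"section": section, "name": section.rsplit("\\", 1)[-1],
                            "cmd": line, "stamp": None})
        elif "\\mountpoints2\\" in low:
            m = AUTORUN_RE.match(line)
            if m:
                entries.append({"section": section, "name": "AutoRun\\command",
                                "cmd": m.group("cmd"), "stamp": None})
    return entries


def executable_path(cmd: str) -> Optional[str]:
    m = PATH_RE.match(cmd)
    return m.group("path") if m else None


def triage(entries: List[Entry]) -> List[Dict[str, str]]:
    """Apply the review heuristics; each hit is a reason to look, not a verdict."""
    findings: List[Dict[str, str]] = []
    for e in entries:
        reasons = []
        path = executable_path(e["cmd"] or "")
        if path is None:
            reasons.append("no recognisable executable path")
        elif "\\mountpoints2\\" in (e["section"] or "").lower():
            reasons.append("AutoRun command registered for a removable drive")
        elif not normalise(path).startswith(EXPECTED_ROOTS):
            reasons.append("runs from outside the expected program directories")
        if e["stamp"] == "":
            reasons.append("empty timestamp bracket (file not found at scan time)")
        for reason in reasons:
            findings.append({"name": e["name"] or "", "cmd": e["cmd"] or "", "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(parse_dump(SAMPLE_DUMP)):
        print(f"{f['name']:16} {f['reason']:60} {f['cmd']}")
```

On the sample, the script lists Recguard and ViOrb (empty timestamp), c0.exe and Yodm3D (unusual location) and the F: AutoRun command; feed it the full dump instead of the excerpt and it will also skip the `startupfolder` and `policies` sections, which carry no command lines in this format.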

#15 fenzodahl512

  • Members
  • 6,738 posts

Posted 02 July 2008 - 12:22 PM

dss log, so does everything seem ok?


Everything is ok dear.. Your DSS log looks clean to my eyes :thumbsup:


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed




NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have this icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6



NEXT


I noticed you already have:

1. Avast! as your antivirus
2. Symantec as your firewall
3. Malwarebytes' as your antispyware...



Lastly, to keep your operating system up to date please visit the link below monthly.

To learn more about how to protect yourself while on the internet read this excellent article by Grinler: How did I get infected?, With steps so it does not happen again!

Please also read an excellent article by miekiemoes: Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




