
Infected With Marketscore


19 replies to this topic

#1 Guest_sefket_*

  • Guests

Posted 26 June 2008 - 10:28 PM

I clicked on a pic on Swiftswitch (a program for RuneScape), and then my program froze.

Posted Image

Those showed up and I searched them, and it came up as zipp. I deleted them, but they came back later.


Deckard's System Scanner v20071014.68
Run by fayik on 2008-06-26 23:14:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as fayik.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:48 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\fayik\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\fayik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O5 "LPT1:" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P39 "EPSON Stylus Photo R220 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://dsmedia.ign.com/ds/image/object/742..._Wii_CIRCART_R2[1]boxart_160w.jpg

--
End of file - 8503 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080626-092440-598 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20080626-092744-515 O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
backup-20080626-164113-723 O20 - AppInit_DLLs: C:\WINDOWS\system32\rlai.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>
3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
3 Tvs (Toshiba Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 aawservice (Lavasoft Ad-Aware Service) - c:\program files\lavasoft\ad-aware\aawservice.exe
2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\program files\bonjour\mdnsresponder.exe
3 FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
4 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe
4 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
4 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
4 TAPPSRV (TOSHIBA Application Service) - c:\program files\toshiba\toshiba applet\tappsrv.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-05 22:19:07 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2007-12-09 22:11:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-26 20:16:22 0 d-------- C:\Documents and Settings\fayik\Application Data\CasinoOnNet
2008-06-26 16:45:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-26 15:55:27 0 d-------- C:\Program Files\Lavasoft
2008-06-26 15:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 15:53:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 15:33:36 0 --a------ C:\Documents and Settings\fayik\pslist
2008-06-26 14:31:44 0 d-------- C:\Program Files\Vstplugins
2008-06-26 14:29:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-26 01:00:06 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:00:06 0 d-------- C:\Documents and Settings\fayik\Application Data\PC Tools
2008-06-25 23:28:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-25 23:27:36 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-25 23:05:58 0 d-------- C:\$AVG8.VAULT$
2008-06-25 23:03:51 0 d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-06-25 22:35:39 0 d-------- C:\Documents and Settings\fayik\Application Data\AVGTOOLBAR
2008-06-25 22:35:23 0 d-------- C:\Program Files\AVG(2)
2008-06-25 22:35:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-06-25 21:39:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 13:51:18 0 d-------- C:\Documents and Settings\fayik\Application Data\vlc
2008-06-16 19:01:47 0 d-------- C:\Documents and Settings\mehmet\Application Data\MySpace
2008-06-14 13:04:03 0 d-------- C:\Program Files\AARONS CLIKER
2008-06-05 22:18:58 0 d-------- C:\Program Files\Norton Security Scan
2008-06-03 14:01:37 0 d-------- C:\Program Files\AIMTunes
2008-06-01 22:46:46 0 d-------- C:\Documents and Settings\fayik\Application Data\MySpace
2008-05-27 13:25:32 0 d-------- C:\Program Files\MSXML 6.0
2008-05-27 13:22:37 4718592 --a------ C:\Documents and Settings\fayik\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-26 20:16:31 0 d-------- C:\Program Files\CasinoOnNet
2008-06-26 16:45:54 0 d-------- C:\Program Files\PokerStars
2008-06-26 16:43:42 0 d-------- C:\Program Files\Yahoo!
2008-06-26 15:53:33 0 d-------- C:\Program Files\Common Files
2008-06-26 14:54:18 0 d-------- C:\Program Files\SwiftKit
2008-06-26 14:38:49 0 d-------- C:\Program Files\SwiftSwitch
2008-06-26 14:38:25 0 d-------- C:\Program Files\AIM6
2008-06-26 14:38:04 0 d-------- C:\Program Files\Viewpoint
2008-06-26 14:34:26 0 d-------- C:\Program Files\Notebook Maximizer
2008-06-24 11:22:54 0 d-------- C:\Documents and Settings\fayik\Application Data\LimeWire
2008-06-23 01:32:32 4 --a------ C:\WINDOWS\system32\CE6C10
2008-06-19 15:16:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-18 21:19:58 0 d-------- C:\Program Files\Sony
2008-05-25 16:52:31 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-25 16:51:40 0 d-------- C:\Program Files\Sony Setup
2008-05-22 16:45:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Adobe
2008-05-22 16:09:46 3740 --a------ C:\Documents and Settings\fayik\Application Data\wklnhst.dat
2008-05-20 14:43:23 0 d-------- C:\Program Files\Winamp
2008-05-20 14:43:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Winamp
2008-05-19 16:53:12 0 d-------- C:\Program Files\Trend Micro
2008-05-17 22:08:52 0 d-------- C:\Program Files\Bonjour
2008-05-17 22:08:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-17 21:56:46 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-17 19:35:24 0 d-------- C:\Program Files\Rhapsody
2008-05-17 19:34:10 0 d-------- C:\Documents and Settings\fayik\Application Data\Real
2008-05-17 19:33:23 0 d-------- C:\Program Files\Real
2008-05-17 13:12:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Publish Providers
2008-05-17 13:12:22 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony
2008-05-17 12:40:27 0 d-------- C:\Program Files\MSBuild
2008-05-17 12:35:51 0 d-------- C:\Program Files\Reference Assemblies
2008-05-17 12:28:51 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony Setup
2008-05-17 00:45:30 0 d-------- C:\Documents and Settings\fayik\Application Data\Mozilla
2008-05-16 23:49:55 0 d-------- C:\Program Files\Netflix
2008-05-16 19:19:31 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-16 19:19:27 0 d-------- C:\Program Files\TechSmith
2008-05-13 22:25:04 0 d-------- C:\Program Files\LimeWire
2008-05-09 23:10:31 0 d-------- C:\Documents and Settings\fayik\Application Data\teamspeak2
2008-05-09 23:10:27 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-09 18:56:44 0 d-------- C:\Documents and Settings\fayik\Application Data\Uniblue
2008-05-07 15:45:41 0 d-------- C:\Documents and Settings\fayik\Application Data\gtk-2.0
2008-05-06 15:34:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Help


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [04/05/2005 07:25 PM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [08/10/2005 02:23 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/07/2005 11:03 PM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [04/12/2005 07:18 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/12/2005 07:17 PM C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/14/2004 06:28 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/14/2004 06:26 PM]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [09/07/2004 05:03 PM]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 08:37 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 08:33 AM]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/15/2004 02:27 PM]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [05/04/2006 05:59 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/04/2007 02:00 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"EPSON Stylus Photo R220 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe" [09/25/2006 08:52 PM]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [08/06/2004 11:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 10/15/2004 02:27 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RelevantKnowledge]
C:\WINDOWS\system32\rlls.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-26 23:17:41 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1015.42 MiB / 588.08 MiB
Pagefile Memory (total/avail): 2445.76 MiB / 2007.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.77 MiB

C: is Fixed (NTFS) - 93.16 GiB total, 75.85 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\fayik\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MEMS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite M45
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\fayik
LOGONSERVER=\\MEMS
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\fayik\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_RESTART_ARG_1=-requestPending
MOZ_CRASHREPORTER_RESTART_ARG_2=-osint
MOZ_CRASHREPORTER_RESTART_ARG_3=-url
MOZ_CRASHREPORTER_RESTART_ARG_4=http://hjt-data.trend-braintree.com/hjt/analyzethis/index.php?report=6709339
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Trend Micro\HijackThis;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\fayik\LOCALS~1\Temp
TMP=C:\DOCUME~1\fayik\LOCALS~1\Temp
USERDOMAIN=MEMS
USERNAME=fayik
USERPROFILE=C:\Documents and Settings\fayik
VERNUM=PSM42U-01Q006V
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

mehmet (admin)
fayik (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Camtasia Studio 5 --> MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
Casino-On-Net --> C:\PROGRA~1\CASINO~1\UNWISE.EXE C:\PROGRA~1\CASINO~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
K-Lite Codec Pack 2.85 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB925673) --> MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Notebook Maximizer --> C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RelevantKnowledge --> C:\windows\system32\rlvknlg.exe -bootremove -uninst:RelevantKnowledge
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
SMSC IrCC V5.1.3600.5 SP2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Media Manager 2.3 --> MsiExec.exe /X{8FA5B6B7-D8BD-49F7-98D7-701C26B01E97}
Sony Vegas Pro 8.0 --> MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SwiftKit --> C:\Program Files\SwiftKit\Uninstall.exe
SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7ED0C3C2-6A3B-4FD1-97C8-20613D7D9ACF} /l1033
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA TouchPad ON/Off Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5862 / Error
Event Submitted/Written: 06/26/2008 04:17:39 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type5857 / Error
Event Submitted/Written: 06/26/2008 02:49:48 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type5848 / Error
Event Submitted/Written: 06/26/2008 02:26:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module explorer.exe, version 6.0.2900.3156, fault address 0x000118b8.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type5846 / Error
Event Submitted/Written: 06/26/2008 02:25:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module explorer.exe, version 6.0.2900.3156, fault address 0x000118b8.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type5805 / Error
Event Submitted/Written: 06/19/2008 10:39:31 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type52824 / Error
Event Submitted/Written: 06/26/2008 11:17:32 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type52823 / Error
Event Submitted/Written: 06/26/2008 11:17:32 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type52822 / Error
Event Submitted/Written: 06/26/2008 11:17:22 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type52821 / Error
Event Submitted/Written: 06/26/2008 11:17:22 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Event Record #/Type52820 / Error
Event Submitted/Written: 06/26/2008 11:16:58 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}



-- End of Deckard's System Scanner: finished at 2008-06-26 23:17:41 ------------

Edited by sefket, 26 June 2008 - 10:46 PM.




#2 Guest_sefket_*

Guest_sefket_*

  • Guests
  • OFFLINE

Posted 27 June 2008 - 02:03 AM

Deckard's System Scanner v20071014.68
Run by fayik on 2008-06-27 03:01:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as fayik.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:01 AM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\fayik\Desktop\dss.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v1.42.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\fayik.exe
c:\6378ab8cfe6c2b3b00626ea3\mrtstub.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O5 "LPT1:" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P39 "EPSON Stylus Photo R220 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://dsmedia.ign.com/ds/image/object/742..._Wii_CIRCART_R2[1]boxart_160w.jpg

--
End of file - 8753 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 03:01:53 0 d-------- C:\6378ab8cfe6c2b3b00626ea3
2008-06-27 03:00:33 0 d-------- C:\WINDOWS\LastGood
2008-06-26 20:16:22 0 d-------- C:\Documents and Settings\fayik\Application Data\CasinoOnNet
2008-06-26 16:45:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-26 15:55:27 0 d-------- C:\Program Files\Lavasoft
2008-06-26 15:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 15:53:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 15:33:36 0 --a------ C:\Documents and Settings\fayik\pslist
2008-06-26 14:31:44 0 d-------- C:\Program Files\Vstplugins
2008-06-26 14:29:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-26 01:00:06 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:00:06 0 d-------- C:\Documents and Settings\fayik\Application Data\PC Tools
2008-06-25 23:28:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-25 23:27:36 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-25 23:05:58 0 d-------- C:\$AVG8.VAULT$
2008-06-25 23:03:51 0 d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-06-25 22:35:39 0 d-------- C:\Documents and Settings\fayik\Application Data\AVGTOOLBAR
2008-06-25 22:35:23 0 d-------- C:\Program Files\AVG(2)
2008-06-25 22:35:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-06-25 21:39:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 13:51:18 0 d-------- C:\Documents and Settings\fayik\Application Data\vlc
2008-06-16 19:01:47 0 d-------- C:\Documents and Settings\mehmet\Application Data\MySpace
2008-06-14 13:04:03 0 d-------- C:\Program Files\AARONS CLIKER
2008-06-05 22:18:58 0 d-------- C:\Program Files\Norton Security Scan
2008-06-03 14:01:37 0 d-------- C:\Program Files\AIMTunes
2008-06-01 22:46:46 0 d-------- C:\Documents and Settings\fayik\Application Data\MySpace
2008-05-27 13:25:32 0 d-------- C:\Program Files\MSXML 6.0
2008-05-27 13:22:37 4718592 --a------ C:\Documents and Settings\fayik\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-27 00:44:13 3858 --a------ C:\Documents and Settings\fayik\Application Data\wklnhst.dat
2008-06-27 00:43:00 0 d-------- C:\Program Files\Pure Networks
2008-06-26 20:16:31 0 d-------- C:\Program Files\CasinoOnNet
2008-06-26 16:45:54 0 d-------- C:\Program Files\PokerStars
2008-06-26 16:43:42 0 d-------- C:\Program Files\Yahoo!
2008-06-26 15:53:33 0 d-------- C:\Program Files\Common Files
2008-06-26 14:54:18 0 d-------- C:\Program Files\SwiftKit
2008-06-26 14:38:49 0 d-------- C:\Program Files\SwiftSwitch
2008-06-26 14:38:25 0 d-------- C:\Program Files\AIM6
2008-06-26 14:38:04 0 d-------- C:\Program Files\Viewpoint
2008-06-26 14:34:26 0 d-------- C:\Program Files\Notebook Maximizer
2008-06-24 11:22:54 0 d-------- C:\Documents and Settings\fayik\Application Data\LimeWire
2008-06-23 01:32:32 4 --a------ C:\WINDOWS\system32\CE6C10
2008-06-19 15:16:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-18 21:19:58 0 d-------- C:\Program Files\Sony
2008-05-25 16:52:31 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-25 16:51:40 0 d-------- C:\Program Files\Sony Setup
2008-05-22 16:45:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Adobe
2008-05-20 14:43:23 0 d-------- C:\Program Files\Winamp
2008-05-20 14:43:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Winamp
2008-05-19 16:53:12 0 d-------- C:\Program Files\Trend Micro
2008-05-17 22:08:52 0 d-------- C:\Program Files\Bonjour
2008-05-17 22:08:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-17 21:56:46 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-17 19:35:24 0 d-------- C:\Program Files\Rhapsody
2008-05-17 19:34:10 0 d-------- C:\Documents and Settings\fayik\Application Data\Real
2008-05-17 19:33:23 0 d-------- C:\Program Files\Real
2008-05-17 13:12:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Publish Providers
2008-05-17 13:12:22 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony
2008-05-17 12:40:27 0 d-------- C:\Program Files\MSBuild
2008-05-17 12:35:51 0 d-------- C:\Program Files\Reference Assemblies
2008-05-17 12:28:51 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony Setup
2008-05-17 00:45:30 0 d-------- C:\Documents and Settings\fayik\Application Data\Mozilla
2008-05-16 23:49:55 0 d-------- C:\Program Files\Netflix
2008-05-16 19:19:31 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-16 19:19:27 0 d-------- C:\Program Files\TechSmith
2008-05-13 22:25:04 0 d-------- C:\Program Files\LimeWire
2008-05-09 23:10:31 0 d-------- C:\Documents and Settings\fayik\Application Data\teamspeak2
2008-05-09 23:10:27 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-09 18:56:44 0 d-------- C:\Documents and Settings\fayik\Application Data\Uniblue
2008-05-07 15:45:41 0 d-------- C:\Documents and Settings\fayik\Application Data\gtk-2.0
2008-05-06 15:34:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Help


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [04/05/2005 07:25 PM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [08/10/2005 02:23 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/07/2005 11:03 PM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [04/12/2005 07:18 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/12/2005 07:17 PM C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/14/2004 06:28 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/14/2004 06:26 PM]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [09/07/2004 05:03 PM]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 08:37 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 08:33 AM]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/15/2004 02:27 PM]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [05/04/2006 05:59 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/04/2007 02:00 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"EPSON Stylus Photo R220 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe" [09/25/2006 08:52 PM]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [08/06/2004 11:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 10/15/2004 02:27 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RelevantKnowledge]
C:\WINDOWS\system32\rlls.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-27 03:02:39 ------------

#3 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario

Posted 27 June 2008 - 02:22 AM

Hi,

Thanks for the logs.
Welcome to Bleepingcomputer. :thumbsup:

Fire up your CCleaner and have it clean up your temps.
Do NOT let it run the "issues" section please.

Exit CCleaner when done.

Please start Hijackthis
Run system scan and check the following:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)


Close all open windows then hit "fix checked"
Say OK and exit Hijackthis.

Reboot.

Configure your system to show hidden files.
How to:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/
don't forget to hide files/folders when we are finished cleaning.

Using Windows explorer locate and delete if present the following files:

C:\Windows\system32\cemetrix.dll
C:\Windows\system32\okshook.dll
C:\Windows\system32\opls.dll
C:\Windows\system32\osconfig.dll
C:\Windows\system32\osmim.dll
C:\Windows\system32\ossproxy.exe
C:\Windows\system32\rk.exe
C:\Windows\system32\rlvknlg.exe
C:\Windows\system32\rlxf.dll
C:\Windows\system32\rlvknlg.exe
C:\Windows\rlvknlg.exe

Empty out recycle bin.

Post new dss log please (main.txt) along with a log from the following:

If you already have used Kaspersky online scanner, please uninstall it via add/remove programs because this is a new version I need you to download.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Graphics tutorial available here if needed:

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

Thanks :)
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

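Added example, not code from this thread or from HijackThis: a small Python triage that reads HijackThis log lines like the ones quoted above, flags entries whose target file is absent ("(no file)" / "(file missing)") and entries naming items the helper asked to have fixed, and rebuilds the exact lines to tick under "Fix checked". The sample lines are copied from the log posted in this thread; the watchlist is assumed to be the analyst's own input, and the script only reads text, changing nothing on the system.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this
# thread, plus one clean O23 service line as a control.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# Names the helper asked to have fixed in this thread. Assumption: this list
# is the analyst's own input for the case, not a signature database.
WATCHLIST = ["RelevantKnowledge", "Uniblue RegistryBooster"]

# HijackThis sections that describe code started automatically
# (Run keys, Winlogon Notify packages, services) rather than browser add-ins.
PERSISTENCE_SECTIONS = {"O4", "O20", "O21", "O22", "O23"}

# Suffixes HijackThis appends when the referenced file is absent from disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Entry lines look like "<section> - <body>", e.g. "O20 - Winlogon Notify: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Finding:
    section: str
    body: str
    reasons: list = field(default_factory=list)

    def as_hjt_line(self):
        """Rebuild the exact line to tick under 'Fix checked'."""
        return f"{self.section} - {self.body}"


def parse_log(text):
    """Yield (section, body) for each entry line; headers and blanks are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(text, watchlist=WATCHLIST):
    """Return a Finding for every entry worth a look, in log order."""
    findings = []
    for section, body in parse_log(text):
        reasons = []
        if any(marker in body for marker in ORPHAN_MARKERS):
            # Dangling registry reference: residue of a removed component,
            # harmless by itself but worth cleaning up.
            reasons.append("orphaned: target file missing")
        lowered = body.lower()
        hits = [name for name in watchlist if name.lower() in lowered]
        if hits:
            reasons.append("watchlist: " + ", ".join(hits))
        if reasons and section in PERSISTENCE_SECTIONS:
            # Flagged entry sits in an autostart location, so note that too.
            reasons.append(f"persistence entry ({section})")
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


def fix_list(text, watchlist=WATCHLIST):
    """Lines to check in HijackThis, ready to paste into a reply."""
    return [f.as_hjt_line() for f in triage(text, watchlist)]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.as_hjt_line())
        for reason in finding.reasons:
            print("    ->", reason)
```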
#4 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario

Posted 27 June 2008 - 02:26 AM

Me again with more stuff to do :thumbsup:

When you have done the above please also do the following:

I notice you have no antivirus installed. Only bits and pieces of old installs..
You need to install an antivirus on the system or else you are just looking for troubles.

Here is a choice between 3 free ones.
Install only one please:

Avast:
http://www.avast.com/eng/avast_4_home.html
Tutorial:
http://www.bleepingcomputer.com/tutorials/how-to-use-avast-antivirus/

AVG free: (comes with antispyware)
http://free.grisoft.com/ww.download?prd=afe#tba2
User manual:
http://free.grisoft.com/ww.download?prd=afe#tba3

AntiVir:
http://www.free-av.com/antivirus/allinonen.html

Once you have one of the above installed please make sure to update it, run full scan with it.
Let me know how that went please.

Thanks :)

#5 Guest_Sefkart_*

Guest_Sefkart_*

  • Guests
  • OFFLINE

Posted 27 June 2008 - 01:47 PM

I told my friend to register me an account since I didn't want viruses in my email, and I forgot the password, and it got locked for a while. This operator in the chatroom said to register another account.

Blender said to do a Kaspersky scan and a DSS scan and post them here. Here is the link:

http://www.bleepingcomputer.com/forums/topic154516.html

Deckard's System Scanner v20071014.68
Run by fayik on 2008-06-27 12:21:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as fayik.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:38 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\fayik\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\fayik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O5 "LPT1:" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P39 "EPSON Stylus Photo R220 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://dsmedia.ign.com/ds/image/object/742..._Wii_CIRCART_R2[1]boxart_160w.jpg

--
End of file - 8224 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 11:42:40 0 dr-h----- C:\Documents and Settings\fayik\Recent
2008-06-27 11:33:59 0 d-------- C:\Program Files\Windows Defender
2008-06-26 20:16:22 0 d-------- C:\Documents and Settings\fayik\Application Data\CasinoOnNet
2008-06-26 16:45:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-26 15:55:27 0 d-------- C:\Program Files\Lavasoft
2008-06-26 15:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 15:53:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 15:33:36 0 --a------ C:\Documents and Settings\fayik\pslist
2008-06-26 14:31:44 0 d-------- C:\Program Files\Vstplugins
2008-06-26 14:29:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-26 01:00:06 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:00:06 0 d-------- C:\Documents and Settings\fayik\Application Data\PC Tools
2008-06-25 23:28:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-25 23:27:36 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-25 23:05:58 0 d-------- C:\$AVG8.VAULT$
2008-06-25 23:03:51 0 d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-06-25 22:35:39 0 d-------- C:\Documents and Settings\fayik\Application Data\AVGTOOLBAR
2008-06-25 22:35:23 0 d-------- C:\Program Files\AVG(2)
2008-06-25 22:35:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-06-25 21:39:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 13:51:18 0 d-------- C:\Documents and Settings\fayik\Application Data\vlc
2008-06-16 19:01:47 0 d-------- C:\Documents and Settings\mehmet\Application Data\MySpace
2008-06-14 13:04:03 0 d-------- C:\Program Files\AARONS CLIKER
2008-06-05 22:18:58 0 d-------- C:\Program Files\Norton Security Scan
2008-06-03 14:01:37 0 d-------- C:\Program Files\AIMTunes
2008-06-01 22:46:46 0 d-------- C:\Documents and Settings\fayik\Application Data\MySpace
2008-05-27 13:25:32 0 d-------- C:\Program Files\MSXML 6.0
2008-05-27 13:22:37 4718592 --a------ C:\Documents and Settings\fayik\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-27 00:44:13 3858 --a------ C:\Documents and Settings\fayik\Application Data\wklnhst.dat
2008-06-27 00:43:00 0 d-------- C:\Program Files\Pure Networks
2008-06-26 20:16:31 0 d-------- C:\Program Files\CasinoOnNet
2008-06-26 16:45:54 0 d-------- C:\Program Files\PokerStars
2008-06-26 16:43:42 0 d-------- C:\Program Files\Yahoo!
2008-06-26 15:53:33 0 d-------- C:\Program Files\Common Files
2008-06-26 14:54:18 0 d-------- C:\Program Files\SwiftKit
2008-06-26 14:38:49 0 d-------- C:\Program Files\SwiftSwitch
2008-06-26 14:38:25 0 d-------- C:\Program Files\AIM6
2008-06-26 14:38:04 0 d-------- C:\Program Files\Viewpoint
2008-06-26 14:34:26 0 d-------- C:\Program Files\Notebook Maximizer
2008-06-24 11:22:54 0 d-------- C:\Documents and Settings\fayik\Application Data\LimeWire
2008-06-23 01:32:32 4 --a------ C:\WINDOWS\system32\CE6C10
2008-06-19 15:16:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-18 21:19:58 0 d-------- C:\Program Files\Sony
2008-05-25 16:52:31 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-25 16:51:40 0 d-------- C:\Program Files\Sony Setup
2008-05-22 16:45:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Adobe
2008-05-20 14:43:23 0 d-------- C:\Program Files\Winamp
2008-05-20 14:43:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Winamp
2008-05-19 16:53:12 0 d-------- C:\Program Files\Trend Micro
2008-05-17 22:08:52 0 d-------- C:\Program Files\Bonjour
2008-05-17 22:08:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-17 21:56:46 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-17 19:35:24 0 d-------- C:\Program Files\Rhapsody
2008-05-17 19:34:10 0 d-------- C:\Documents and Settings\fayik\Application Data\Real
2008-05-17 19:33:23 0 d-------- C:\Program Files\Real
2008-05-17 13:12:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Publish Providers
2008-05-17 13:12:22 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony
2008-05-17 12:40:27 0 d-------- C:\Program Files\MSBuild
2008-05-17 12:35:51 0 d-------- C:\Program Files\Reference Assemblies
2008-05-17 12:28:51 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony Setup
2008-05-17 00:45:30 0 d-------- C:\Documents and Settings\fayik\Application Data\Mozilla
2008-05-16 23:49:55 0 d-------- C:\Program Files\Netflix
2008-05-16 19:19:31 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-16 19:19:27 0 d-------- C:\Program Files\TechSmith
2008-05-13 22:25:04 0 d-------- C:\Program Files\LimeWire
2008-05-09 23:10:31 0 d-------- C:\Documents and Settings\fayik\Application Data\teamspeak2
2008-05-09 23:10:27 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-09 18:56:44 0 d-------- C:\Documents and Settings\fayik\Application Data\Uniblue
2008-05-07 15:45:41 0 d-------- C:\Documents and Settings\fayik\Application Data\gtk-2.0
2008-05-06 15:34:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Help


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [04/05/2005 07:25 PM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [08/10/2005 02:23 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/07/2005 11:03 PM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [04/12/2005 07:18 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/12/2005 07:17 PM C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/14/2004 06:28 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/14/2004 06:26 PM]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [09/07/2004 05:03 PM]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 08:37 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 08:33 AM]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/15/2004 02:27 PM]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [05/04/2006 05:59 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/04/2007 02:00 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"EPSON Stylus Photo R220 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe" [09/25/2006 08:52 PM]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [08/06/2004 11:27 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 10/15/2004 02:27 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-27 12:22:14 ------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 27, 2008 16:39:33
Records in database: 890203
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 84327
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:23:25


File name / Threat name / Threats count
C:\Documents and Settings\fayik\Shared\threatened michael jackson.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\mehmet\Local Settings\Temp\mirc63.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE Infected: Email-Worm.Win32.Brontok.ct 1
C:\WORKSSETUP\MSWORKS\PFILES\OFFICE\PPV\PPTVIEW.EXE Infected: Email-Worm.Win32.Brontok.ct 1

The selected area was scanned.

Edited by Sefkart, 27 June 2008 - 01:47 PM.


#6 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 27 June 2008 - 02:46 PM

Hi,

Thanks for the logs.

I see leftovers from a nasty worm.
This kind of junk is all over the P2P networks (downloads from LimeWire and similar programs).
I suggest either ditching P2P programs or at least taking more care in what you download.

Locate and delete the following:

C:\Documents and Settings\fayik\Shared\threatened michael jackson.mp3

The mIRC one Kaspersky listed is OK. It lists mIRC as a risk program.
As long as mIRC is used safely, there are no issues.
By safely I mean not accepting files from people you don't know and not clicking links from untrusted sources.

The others Kaspersky listed I am going to use another scanner on, because a Brontok infection makes a lot of exes that look like folders, and they are too easy to set off by accident.
Set that thing off and there will be a ton of copies all over the place, near non-killable.
This tool will make it safer to deal with.

Download Dr.Webs CureIt to your desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.

This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

Once the short scan has finished, select the "full system scan".

Click the green arrow > to the right and the scan will begin.

At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, click the "Select all" toggle button (if available) next to the files found.

Then click the green cup icon right below and select Move incurable.

This will move any infected files that can't be cured to the %userprofile%\DoctorWeb quarantine folder (in case we need samples).

Then, from the main Dr.Web CureIt menu (top left), click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv and can be opened in Notepad (double click).

Close Dr.Web CureIt and restart your computer to completely remove any stubborn files on reboot.

Post back with the DrWeb.csv report please.

--------------------------------------

Post a fresh DSS log (main.txt) after you have installed one of the free antivirus programs I suggested in my previous post, please.

Let me know how the system is running.

Thanks :thumbsup:
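The triage Blender does by hand above (separating Kaspersky's "not-a-virus" risk-program hits from real malware, and reading the DrWeb.csv report CureIt writes) can be scripted. The Python below is an added example for this thread, not code from the thread, from Kaspersky or from Dr.Web. The two line formats are inferred from the reports posted in this thread (the Kaspersky lines in the post above, the DrWeb.csv lines posted later), and the sample lines are copied from them. The rule that a `not-a-virus:` prefix (Kaspersky) or a `Program.` prefix (Dr.Web) marks riskware rather than malware is an assumption drawn from the names seen here, as is the reading of an empty Dr.Web action column as "nothing was done to this object".

```python
"""Triage helper for the two scanner report formats posted in this thread.

Added example; not part of the thread and not vendor tooling.  Assumed formats:
  Kaspersky Online Scanner:  <path> Infected: <threat name> <count>
  Dr.Web CureIt DrWeb.csv:   <object>;<directory>;<threat name>;<action>;
"""
import re
from collections import defaultdict
from dataclasses import dataclass

KASPERSKY_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")


@dataclass
class Detection:
    scanner: str
    path: str
    threat: str
    action: str      # scanner's own action ("" when it only reported)
    riskware: bool   # risk-program / tool classification, not malware


def parse_kaspersky(lines):
    """Parse 'path Infected: threat count' lines; header and summary lines are skipped."""
    found = []
    for line in lines:
        m = KASPERSKY_RE.match(line.strip())
        if not m:
            continue
        threat = m.group("threat")
        # Assumption: Kaspersky's "not-a-virus:" prefix is its riskware class (mIRC above)
        found.append(Detection("kaspersky", m.group("path"), threat, "",
                               threat.lower().startswith("not-a-virus:")))
    return found


def parse_drweb(lines):
    """Parse the semicolon separated DrWeb.csv written by Dr.Web CureIt."""
    found = []
    for line in lines:
        fields = line.strip().split(";")
        if len(fields) < 4:
            continue
        obj, directory, threat, action = fields[:4]
        # Assumption: Dr.Web's "Program." prefix is its riskware/tool class (PrcView in the thread)
        found.append(Detection("drweb", directory + "\\" + obj, threat, action,
                               threat.startswith("Program.")))
    return found


def needs_manual_action(d):
    """True when the scanner left the object in place (report-only, or no action recorded)."""
    return not any(word in d.action for word in ("Moved", "Deleted", "Cured"))


def by_threat(detections):
    """Group detection paths by threat name, e.g. to see every Brontok copy together."""
    groups = defaultdict(list)
    for d in detections:
        groups[d.threat].append(d.path)
    return dict(groups)


def triage(kaspersky_lines, drweb_lines):
    dets = parse_kaspersky(kaspersky_lines) + parse_drweb(drweb_lines)
    return {
        "malware": [d for d in dets if not d.riskware],
        "riskware": [d for d in dets if d.riskware],
        # still-present malware the helper needs to deal with (or have a tool deal with)
        "manual": [d.path for d in dets if needs_manual_action(d) and not d.riskware],
    }


# Sample lines copied from the reports posted in this thread.
KASPERSKY_SAMPLE = [
    r"Files scanned: 84327",
    r"File name / Threat name / Threats count",
    r"C:\Documents and Settings\fayik\Shared\threatened michael jackson.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1",
    r"C:\Documents and Settings\mehmet\Local Settings\Temp\mirc63.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1",
    r"C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE Infected: Email-Worm.Win32.Brontok.ct 1",
    r"C:\WORKSSETUP\MSWORKS\PFILES\OFFICE\PPV\PPTVIEW.EXE Infected: Email-Worm.Win32.Brontok.ct 1",
]
DRWEB_SAMPLE = [
    r"setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.22.61.1;Probably BACKDOOR.Trojan;Incurable.Moved.;",
    r"ocpinst.exe\data529;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\ocpinst.exe;Probably BACKDOOR.Trojan;;",
    r"pv.exe;C:\Program Files\CasinoOnNet;Program.PrcView.3725;Incurable.Moved.;",
    r"A0035993.SYS;C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP39;Trojan.NtRootKit.1025;Deleted.;",
]


def demo():
    return triage(KASPERSKY_SAMPLE, DRWEB_SAMPLE)


if __name__ == "__main__":
    result = demo()
    for key, items in result.items():
        print(key, len(items))
    for threat, paths in by_threat(result["malware"]).items():
        print(threat, "->", len(paths), "object(s)")
```

On the thread's own lines this separates the mIRC and PrcView hits (riskware, review only) from the six malware objects, and lists the four the scanners merely reported without acting on: the three Kaspersky hits (the online scanner does not clean) and the `data529` object inside `ocpinst.exe`, which Dr.Web recorded with no action of its own because it quarantined the containing archive instead.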

#7 Guest_Sefkart_*

  • Guests
Posted 27 June 2008 - 08:56 PM

I'm not sure if it's safe, but MarketScore is the company behind it I think, and when I was scanning with Spybot, it popped up from Avast.

Posted Image


Mod Edit:Topic Silc_dll merged for continuity ~TMacK

Edited by TMacK, 27 June 2008 - 09:34 PM.


#8 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario
Posted 27 June 2008 - 09:39 PM

Copied/pasted from PM:

Drweb:

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.22.61.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024;Probably BACKDOOR.Trojan;Incurable.Moved.;
ocpinst.exe\data529;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\ocpinst.exe;Probably BACKDOOR.Trojan;;
ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024;Archive contains infected objects;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.3.30.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
pv.exe;C:\Program Files\CasinoOnNet;Program.PrcView.3725;Incurable.Moved.;
A0035968.reg;C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP39;Trojan.StartPage.1505;Deleted.;
A0035993.SYS;C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP39;Trojan.NtRootKit.1025;Deleted.;
A0037980.reg;C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP40;Trojan.StartPage.1505;Deleted.;
A0040069.exe;C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP41;Program.PrcView.3725;Incurable.Moved.;
A0040346.exe\data529;C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP44\A0040346.exe;Probably BACKDOOR.Trojan;;
A0040346.exe;C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP44;Archive contains infected objects;Moved.;



Deckard's System Scanner v20071014.68
Run by fayik on 2008-06-27 20:05:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as fayik.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:34 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\fayik\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\fayik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O5 "LPT1:" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P39 "EPSON Stylus Photo R220 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://dsmedia.ign.com/ds/image/object/742..._Wii_CIRCART_R2[1]boxart_160w.jpg

--
End of file - 8734 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 20:02:17 0 d-------- C:\Program Files\Alwil Software
2008-06-27 16:03:37 0 d-------- C:\Documents and Settings\fayik\DoctorWeb
2008-06-27 11:42:40 0 dr-h----- C:\Documents and Settings\fayik\Recent
2008-06-27 11:33:59 0 d-------- C:\Program Files\Windows Defender
2008-06-26 20:16:22 0 d-------- C:\Documents and Settings\fayik\Application Data\CasinoOnNet
2008-06-26 16:45:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-26 15:55:27 0 d-------- C:\Program Files\Lavasoft
2008-06-26 15:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 15:53:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 15:33:36 0 --a------ C:\Documents and Settings\fayik\pslist
2008-06-26 14:31:44 0 d-------- C:\Program Files\Vstplugins
2008-06-26 14:29:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-26 01:00:06 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:00:06 0 d-------- C:\Documents and Settings\fayik\Application Data\PC Tools
2008-06-25 23:28:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-25 23:27:36 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-25 23:05:58 0 d-------- C:\$AVG8.VAULT$
2008-06-25 23:03:51 0 d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-06-25 22:35:39 0 d-------- C:\Documents and Settings\fayik\Application Data\AVGTOOLBAR
2008-06-25 22:35:23 0 d-------- C:\Program Files\AVG(2)
2008-06-25 22:35:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-06-25 21:39:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 13:51:18 0 d-------- C:\Documents and Settings\fayik\Application Data\vlc
2008-06-16 19:01:47 0 d-------- C:\Documents and Settings\mehmet\Application Data\MySpace
2008-06-14 13:04:03 0 d-------- C:\Program Files\AARONS CLIKER
2008-06-05 22:18:58 0 d-------- C:\Program Files\Norton Security Scan
2008-06-03 14:01:37 0 d-------- C:\Program Files\AIMTunes
2008-06-01 22:46:46 0 d-------- C:\Documents and Settings\fayik\Application Data\MySpace
2008-05-27 13:25:32 0 d-------- C:\Program Files\MSXML 6.0
2008-05-27 13:22:37 4718592 --a------ C:\Documents and Settings\fayik\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-27 00:44:13 3858 --a------ C:\Documents and Settings\fayik\Application Data\wklnhst.dat
2008-06-27 00:43:00 0 d-------- C:\Program Files\Pure Networks
2008-06-26 20:16:31 0 d-------- C:\Program Files\CasinoOnNet
2008-06-26 16:45:54 0 d-------- C:\Program Files\PokerStars
2008-06-26 16:43:42 0 d-------- C:\Program Files\Yahoo!
2008-06-26 15:53:33 0 d-------- C:\Program Files\Common Files
2008-06-26 14:54:18 0 d-------- C:\Program Files\SwiftKit
2008-06-26 14:38:49 0 d-------- C:\Program Files\SwiftSwitch
2008-06-26 14:38:25 0 d-------- C:\Program Files\AIM6
2008-06-26 14:38:04 0 d-------- C:\Program Files\Viewpoint
2008-06-26 14:34:26 0 d-------- C:\Program Files\Notebook Maximizer
2008-06-24 11:22:54 0 d-------- C:\Documents and Settings\fayik\Application Data\LimeWire
2008-06-23 01:32:32 4 --a------ C:\WINDOWS\system32\CE6C10
2008-06-19 15:16:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-18 21:19:58 0 d-------- C:\Program Files\Sony
2008-05-25 16:52:31 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-25 16:51:40 0 d-------- C:\Program Files\Sony Setup
2008-05-22 16:45:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Adobe
2008-05-20 14:43:23 0 d-------- C:\Program Files\Winamp
2008-05-20 14:43:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Winamp
2008-05-19 16:53:12 0 d-------- C:\Program Files\Trend Micro
2008-05-17 22:08:52 0 d-------- C:\Program Files\Bonjour
2008-05-17 22:08:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-17 21:56:46 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-17 19:35:24 0 d-------- C:\Program Files\Rhapsody
2008-05-17 19:34:10 0 d-------- C:\Documents and Settings\fayik\Application Data\Real
2008-05-17 19:33:23 0 d-------- C:\Program Files\Real
2008-05-17 13:12:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Publish Providers
2008-05-17 13:12:22 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony
2008-05-17 12:40:27 0 d-------- C:\Program Files\MSBuild
2008-05-17 12:35:51 0 d-------- C:\Program Files\Reference Assemblies
2008-05-17 12:28:51 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony Setup
2008-05-17 00:45:30 0 d-------- C:\Documents and Settings\fayik\Application Data\Mozilla
2008-05-16 23:49:55 0 d-------- C:\Program Files\Netflix
2008-05-16 19:19:31 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-16 19:19:27 0 d-------- C:\Program Files\TechSmith
2008-05-13 22:25:04 0 d-------- C:\Program Files\LimeWire
2008-05-09 23:10:31 0 d-------- C:\Documents and Settings\fayik\Application Data\teamspeak2
2008-05-09 23:10:27 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-09 18:56:44 0 d-------- C:\Documents and Settings\fayik\Application Data\Uniblue
2008-05-07 15:45:41 0 d-------- C:\Documents and Settings\fayik\Application Data\gtk-2.0
2008-05-06 15:34:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Help


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [04/05/2005 07:25 PM]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [08/10/2005 02:23 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/07/2005 11:03 PM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [04/12/2005 07:18 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/12/2005 07:17 PM C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/14/2004 06:28 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/14/2004 06:26 PM]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [09/07/2004 05:03 PM]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 08:37 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 08:33 AM]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/15/2004 02:27 PM]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [05/04/2006 05:59 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/04/2007 02:00 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"EPSON Stylus Photo R220 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/28/2007 09:14 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe" [09/25/2006 08:52 PM]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [08/06/2004 11:27 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 10/15/2004 02:27 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-27 20:06:10 ------------

Will look over this and reply shortly. :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#9 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 27 June 2008 - 09:40 PM

Hi,

I see items in your system restore referring to rootkit...

Let's check for that.

Download Gmer from here:

http://www.gmer.net/gmer.zip

Unzip it to its own folder.
Disconnect from internet & shut down Antivirus to prevent conflicts.
Shut down also any other unneeded apps including any open browser windows.
The less stuff we have running, the less chance of false positives in the log.
Double click gmer.exe to run it.
Allow driver to install if asked (gmer.sys)
You may get a warning at program start that there is possible rootkit activity, asking whether you want to run a scan.

Say OK to run scan.
If no warning, just click "scan".
Let the scan finish.
Once done press "save"
In the new window that pops up, give the log a name and save it someplace handy.
Press save.

Re-enable your antivirus, re-connect to the internet & post that log here.

Thanks :thumbsup:

#10 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 27 June 2008 - 11:30 PM

Copy and pasted from member's PM:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-27 23:46:36
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB96A0588]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB96A0444]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB96A0922]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB96A001C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB96A051E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB969FF5C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB969FFC0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB96A063E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB96A05FE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB96A077E]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[900] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\WINDOWS\system32\services.exe[1108] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1108] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1568] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.14 ----

Module  (*** hidden *** ) BAACF000-BAAD9000 (40960 bytes)

---- EOF - GMER 1.0.14 ----


The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#11 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 28 June 2008 - 02:53 PM

Hi sefket,

Thanks for the log.
Please don't PM me or other members/helpers the logs --- just post them here. Thanks :thumbsup:

Let's run Gmer a bit differently.

Click start> run> type gmer and hit enter.
Wait till it does its pre-scan. (hourglass quits)
Right click in open window > options> click "Only Non MS Files"
Click "scan"
Wait till scan is done> save log> post log.
Leave Gmer open for next log.

Click the >>>> tab
Click "Autostart"
Click "scan" (do NOT check "show all")
Wait till done.
Click "copy"
Open notepad, Right click in open notepad> choose "paste"
Save log & post it here.

Exit Gmer.

Thanks :)

#12 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 28 June 2008 - 11:10 PM

Hi,

Those last 2 logs you PMed me got cut off.

Upload em here please:

http://www.bleepingcomputer.com/submit-mal....php?channel=20

Copy/paste the URL of this thread at the above page so I know whose logs they are, please.

Thanks :thumbsup:

#13 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 30 June 2008 - 04:15 AM

Thanks for the log.

Please disable Defender & Avast so neither interferes with the fix.

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Untick the option to Unregister Dll's and Ocx's
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\windows\SYSTEM\NSCheck.exe
    C:\windows\Downloaded Program Files\setup.exe
    C:\windows\system32\model.dat
    C:\windows\system32\silc_dll.dll
    C:\windows\system32\opnsqr.exe
    C:\windows\system32\cosscfg.exe
    C:\windows\system32\LDPackage.dll
    C:\windows\system32\opls.dll
    C:\windows\system32\osrouter.dll
    C:\windows\system32\osmim.dll
    C:\windows\system32\osconfig.dll
    C:\windows\system32\okshook.dll
    C:\windows\system32\csloa.dll
    C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE
    C:\WORKSSETUP\MSWORKS\PFILES\OFFICE\PPV\PPTVIEW.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\\C:\WINDOWS\Downloaded Program Files\setup.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setup.exe
    HKEY_CLASSES_ROOT\clsid\{b2c03e2e-2219-4ff9-810a-540aca63f8d9}
    HKEY_CLASSES_ROOT\interface\{f88527e2-a8a7-4227-8683-05cfa4eec511}
    HKEY_CURRENT_USER\software\netsetter
    HKEY_LOCAL_MACHINE\software\classes\clsid\{2f9bfca0-082b-4aaf-96e5-6dc17ebc8335}
    HKEY_LOCAL_MACHINE\software\classes\interface\{f88527e2-a8a7-4227-8683-05cfa4eec511}
    HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig
    HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig.2
    HKEY_LOCAL_MACHINE\software\classes\typelib\{169c7855-c096-4d45-803b-6441552a7e92}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2f9bfca0-082b-4aaf-96e5-6dc17ebc8335}
    HKEY_LOCAL_MACHINE\software\netsetter


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    It should only take a few seconds.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), save it to a new notepad file and copy/paste that log on your next reply.
    Located here:

    C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Along with your OTMoveIt log please post a new DSS log. (main.txt)

Let me know how system is running.

Thanks :thumbsup:

#14 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 01 July 2008 - 04:10 PM

Copy/pasted from PM...

oldtimer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setup.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setup.exe\\ not found.
< HKEY_CLASSES_ROOT\clsid\{b2c03e2e-2219-4ff9-810a-540aca63f8d9} >
Registry key HKEY_CLASSES_ROOT\clsid\{b2c03e2e-2219-4ff9-810a-540aca63f8d9}\\ not found.
< HKEY_CLASSES_ROOT\interface\{f88527e2-a8a7-4227-8683-05cfa4eec511} >
Registry key HKEY_CLASSES_ROOT\interface\{f88527e2-a8a7-4227-8683-05cfa4eec511}\\ not found.
< HKEY_CURRENT_USER\software\netsetter >
Registry key HKEY_CURRENT_USER\software\netsetter\\ not found.
< HKEY_LOCAL_MACHINE\software\classes\clsid\{2f9bfca0-082b-4aaf-96e5-6dc17ebc8335} >
Registry key HKEY_LOCAL_MACHINE\software\classes\clsid\{2f9bfca0-082b-4aaf-96e5-6dc17ebc8335}\\ not found.
< HKEY_LOCAL_MACHINE\software\classes\interface\{f88527e2-a8a7-4227-8683-05cfa4eec511} >
Registry key HKEY_LOCAL_MACHINE\software\classes\interface\{f88527e2-a8a7-4227-8683-05cfa4eec511}\\ not found.
< HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig >
Registry key HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig \\ not found.
< HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig.2 >
Registry key HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig.2\\ not found.
< HKEY_LOCAL_MACHINE\software\classes\typelib\{169c7855-c096-4d45-803b-6441552a7e92} >
Registry key HKEY_LOCAL_MACHINE\software\classes\typelib\{169c7855-c096-4d45-803b-6441552a7e92}\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2f9bfca0-082b-4aaf-96e5-6dc17ebc8335} >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2f9bfca0-082b-4aaf-96e5-6dc17ebc8335}\\ not found.
< HKEY_LOCAL_MACHINE\software\netsetter >
Registry key HKEY_LOCAL_MACHINE\software\netsetter\\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_131909


ds

Deckard's System Scanner v20071014.68
Run by fayik on 2008-07-01 13:28:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as fayik.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:48 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SwiftKit\SwiftKit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\fayik\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\fayik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P39 "EPSON Stylus Photo R220 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3182694505-1158989204-490781771-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O24 - Desktop Component 0: (no name) - http://dsmedia.ign.com/ds/image/object/742..._Wii_CIRCART_R2[1]boxart_160w.jpg

--
End of file - 6080 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 10:47:37 23 --a------ C:\Documents and Settings\fayik\jagex_runescape_preferences.dat
2008-07-01 00:39:38 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-06-28 21:26:56 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-28 20:39:42 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-28 16:11:47 0 dr-h----- C:\Documents and Settings\fayik\Recent
2008-06-27 22:03:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-27 22:03:01 0 d-------- C:\Program Files\Uniblue
2008-06-27 20:02:17 0 d-------- C:\Program Files\Alwil Software
2008-06-27 16:03:37 0 d-------- C:\Documents and Settings\fayik\DoctorWeb
2008-06-27 11:33:59 0 d-------- C:\Program Files\Windows Defender
2008-06-26 20:16:22 0 d-------- C:\Documents and Settings\fayik\Application Data\CasinoOnNet
2008-06-26 16:45:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-26 15:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 15:33:36 0 --a------ C:\Documents and Settings\fayik\pslist
2008-06-26 14:29:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-26 01:00:06 0 d-------- C:\Program Files\Spyware Doctor
2008-06-26 01:00:06 0 d-------- C:\Documents and Settings\fayik\Application Data\PC Tools
2008-06-25 23:28:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-06-25 23:27:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-06-25 23:27:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-25 23:27:36 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-25 23:05:58 0 d-------- C:\$AVG8.VAULT$
2008-06-25 23:03:51 0 d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-06-25 22:35:39 0 d-------- C:\Documents and Settings\fayik\Application Data\AVGTOOLBAR
2008-06-25 22:35:23 0 d-------- C:\Program Files\AVG(2)
2008-06-25 22:35:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-06-25 21:39:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 13:51:18 0 d-------- C:\Documents and Settings\fayik\Application Data\vlc
2008-06-16 19:01:47 0 d-------- C:\Documents and Settings\mehmet\Application Data\MySpace
2008-06-14 13:04:03 0 d-------- C:\Program Files\AARONS CLIKER
2008-06-05 22:18:58 0 d-------- C:\Program Files\Norton Security Scan
2008-06-03 14:01:37 0 d-------- C:\Program Files\AIMTunes
2008-06-01 22:46:46 0 d-------- C:\Documents and Settings\fayik\Application Data\MySpace


-- Find3M Report ---------------------------------------------------------------

2008-07-01 11:35:30 0 d-------- C:\Program Files\Java
2008-06-29 20:41:21 0 d-------- C:\Documents and Settings\fayik\Application Data\LimeWire
2008-06-29 16:41:35 0 d-------- C:\Program Files\SwiftKit
2008-06-28 16:03:57 4 --a------ C:\WINDOWS\system32\CE6C10
2008-06-28 16:01:43 0 d-------- C:\Program Files\Sonic
2008-06-28 16:00:37 0 d-------- C:\Program Files\SwiftSwitch
2008-06-28 15:58:36 0 d-------- C:\Program Files\Common Files
2008-06-27 22:03:13 0 d-------- C:\Documents and Settings\fayik\Application Data\Uniblue
2008-06-27 00:44:13 3858 --a------ C:\Documents and Settings\fayik\Application Data\wklnhst.dat
2008-06-27 00:43:00 0 d-------- C:\Program Files\Pure Networks
2008-06-26 20:16:31 0 d-------- C:\Program Files\CasinoOnNet
2008-06-26 16:45:54 0 d-------- C:\Program Files\PokerStars
2008-06-26 16:43:42 0 d-------- C:\Program Files\Yahoo!
2008-06-26 14:38:25 0 d-------- C:\Program Files\AIM6
2008-06-26 14:38:04 0 d-------- C:\Program Files\Viewpoint
2008-06-26 14:34:26 0 d-------- C:\Program Files\Notebook Maximizer
2008-06-19 15:16:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-18 21:19:58 0 d-------- C:\Program Files\Sony
2008-05-27 13:25:32 0 d-------- C:\Program Files\MSXML 6.0
2008-05-25 16:52:31 0 d-------- C:\Program Files\Microsoft SQL Server
2008-05-25 16:51:40 0 d-------- C:\Program Files\Sony Setup
2008-05-22 16:45:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Adobe
2008-05-20 14:43:23 0 d-------- C:\Program Files\Winamp
2008-05-20 14:43:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Winamp
2008-05-19 16:53:12 0 d-------- C:\Program Files\Trend Micro
2008-05-17 22:08:52 0 d-------- C:\Program Files\Bonjour
2008-05-17 22:08:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-17 21:56:46 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-17 19:35:24 0 d-------- C:\Program Files\Rhapsody
2008-05-17 19:34:10 0 d-------- C:\Documents and Settings\fayik\Application Data\Real
2008-05-17 19:33:23 0 d-------- C:\Program Files\Real
2008-05-17 13:12:50 0 d-------- C:\Documents and Settings\fayik\Application Data\Publish Providers
2008-05-17 13:12:22 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony
2008-05-17 12:40:27 0 d-------- C:\Program Files\MSBuild
2008-05-17 12:35:51 0 d-------- C:\Program Files\Reference Assemblies
2008-05-17 12:28:51 0 d-------- C:\Documents and Settings\fayik\Application Data\Sony Setup
2008-05-17 00:45:30 0 d-------- C:\Documents and Settings\fayik\Application Data\Mozilla
2008-05-16 23:49:55 0 d-------- C:\Program Files\Netflix
2008-05-13 22:25:04 0 d-------- C:\Program Files\LimeWire
2008-05-09 23:10:31 0 d-------- C:\Documents and Settings\fayik\Application Data\teamspeak2
2008-05-09 23:10:27 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-07 15:45:41 0 d-------- C:\Documents and Settings\fayik\Application Data\gtk-2.0
2008-05-06 15:34:11 0 d-------- C:\Documents and Settings\fayik\Application Data\Help


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R220 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [06/10/2008 06:52 PM]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [06/28/2008 09:13 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 10/15/2004 02:27 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R220 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O5 "LPT1:" /M "Stylus Photo R220"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158709548\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
c:\toshiba\ivp\ism\pinger.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
"C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
"C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide




-- End of Deckard's System Scanner: finished at 2008-07-01 13:29:23 ------------


Hi,

Logs look good.
Looks as though the items I had OTMoveIt2 remove were no longer present. (I figured they were not; I was just double-checking.)

Is "mehmet" still an active user account on that machine?

How is the machine running now?
Still getting warnings from Avast?

Thanks :thumbsup:
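The check Blender does by eye above (every OTMoveIt2 target reports "not found", so the earlier cleanup had already removed the items, and nothing in the HijackThis log needs a second look) can be scripted. The following is an added example, not code from this thread, from OldTimer's OTMoveIt2 or from Trend Micro's HijackThis. It parses the two log formats as they appear in the post: OTMoveIt2 prints each target as `< target >` followed by a result line, and HijackThis prints one `Oxx - ...` entry per line. The sample text is constructed from lines in the post above, except the final `deleted successfully` line, which is made up to exercise the other branch (the exact wording of OTMoveIt2's success message is an assumption). The flagging rules in `hjt_review_items` are my own triage heuristics: they mark entries that deserve a look (a dangling `(file missing)` reference, an ActiveX control downloaded from the web, a service whose display name is an unresolved `##...##` resource string, a desktop component pulled from a URL), not entries that are known to be malicious. In this log every flagged item is benign or a harmless leftover, which matches the "logs look good" verdict.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the OTMoveIt2 result block posted above,
# plus one made-up success line so both outcomes are exercised (wording assumed).
OTMOVEIT_SAMPLE = r"""
< HKEY_CLASSES_ROOT\clsid\{b2c03e2e-2219-4ff9-810a-540aca63f8d9} >
Registry key HKEY_CLASSES_ROOT\clsid\{b2c03e2e-2219-4ff9-810a-540aca63f8d9}\\ not found.
< HKEY_CURRENT_USER\software\netsetter >
Registry key HKEY_CURRENT_USER\software\netsetter\\ not found.
< HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig >
Registry key HKEY_LOCAL_MACHINE\software\classes\nsconfig.nsbrowserconfig \\ not found.
< HKEY_LOCAL_MACHINE\software\netsetter >
Registry key HKEY_LOCAL_MACHINE\software\netsetter\\ deleted successfully.
"""

# Constructed sample: a handful of entries copied from the HijackThis log above.
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O24 - Desktop Component 0: (no name) - http://dsmedia.ign.com/ds/image/object/742..._Wii_CIRCART_R2[1]boxart_160w.jpg
"""

# OTMoveIt2 names each target on its own line as "< target >".
TARGET_RE = re.compile(r"^<\s*(.+?)\s*>$")
# HijackThis entries start with a section code (R0, O2, O23, ...) and " - ".
HJT_LINE_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")


def parse_otmoveit(text):
    """Pair each '< target >' line with the result line that follows it.

    Returns a list of (target, status) where status is 'not_found' (the item
    was already gone), 'removed' (OTMoveIt2 deleted it) or 'other' (anything
    else, e.g. a move deferred until reboot)."""
    results = []
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        m = TARGET_RE.match(line)
        if not m:
            continue
        verdict = lines[i + 1].lower() if i + 1 < len(lines) else ""
        if "not found" in verdict:
            status = "not_found"
        elif "successfully" in verdict:
            status = "removed"
        else:
            status = "other"
        results.append((m.group(1), status))
    return results


def summarize(results):
    """Count outcomes, e.g. {'not_found': 3, 'removed': 1}."""
    return dict(Counter(status for _, status in results))


def hjt_review_items(text):
    """Return (section, reason, line) triples for entries worth a second look.

    These are review heuristics of this example, not HijackThis's own
    verdicts; a flagged entry still has to be judged by hand."""
    flagged = []
    for raw in text.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if "(file missing)" in body:
            reasons.append("dangling reference to a file that no longer exists")
        if section == "O16":
            reasons.append("ActiveX control downloaded from the web")
        if section == "O23" and "##" in body:
            reasons.append("service display name is an unresolved resource string")
        if section == "O24" and "http" in body:
            reasons.append("desktop component pulled from a URL")
        for reason in reasons:
            flagged.append((section, reason, raw.strip()))
    return flagged


if __name__ == "__main__":
    outcomes = parse_otmoveit(OTMOVEIT_SAMPLE)
    print("OTMoveIt2:", summarize(outcomes))
    for section, reason, line in hjt_review_items(HJT_SAMPLE):
        print(f"{section}: {reason}\n    {line}")
```

Pointing `parse_otmoveit` at the real `C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log` gives the same split; if every target is `not_found` the script was redundant, and any `other` outcome is the case where the tool asked for a reboot to finish the move.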

#15 Blender (Malware Response Team, 2,363 posts, Location: Ontario)

Posted 07 July 2008 - 02:57 PM

Sefkart:

You OK?