
Adware.purityscan Infection


This topic is locked
10 replies to this topic

#1 Dawgs

Dawgs

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:32 PM

Posted 01 August 2008 - 07:56 PM

First time user of this Forum. I seem to have gotten the Adware.PurityScan Virus and Norton's can only do a partial deletion and then asks me to reboot and then it keeps coming back. Have also had a problem with Trojan Vundo the last week, but I think I got rid of it.

Any help you could provide would be greatly appreciated. Thanks a ton!
Dawgs

Here's the logfile:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:25 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\HCWemMON.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33595C82-7099-4A54-8AB6-38DC6018E8E9} - C:\WINDOWS\system32\qoMcdBrO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BE7A61C9-EE77-4A4C-9D52-E92A1E632CDF} - C:\WINDOWS\system32\wvUnMeDW.dll
O2 - BHO: {d5038f90-677f-efb8-f8c4-e8f138bcf5ae} - {ea5fcb83-1f8e-4c8f-8bfe-f77609f8305d} - C:\WINDOWS\system32\nivvwi.dll
O2 - BHO: (no name) - {F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\pmnmnlKe.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] c:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [40dd8b65] rundll32.exe "C:\WINDOWS\system32\goiwphuv.dll",b
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [Ebc] "C:\WINDOWS\system32\CURITY~1\explorer.exe" -vt yazb (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [Erqva] "C:\Program Files\Common Files\s?curity\?hkdsk.exe" (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [Ugnpuv] C:\WINDOWS\system32\s?curity\?srss.exe (User 'Nick')
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} (MaxisGolfTeleX Control) - http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.freeworldgroup.com/games6/diner...tg.1.0.0.33.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.freeworldgroup.com/games6/weddi...sh.1.0.0.47.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - AppInit_DLLs: nivvwi.dll
O20 - Winlogon Notify: pmnmnlKe - C:\WINDOWS\SYSTEM32\pmnmnlKe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13105 bytes


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:10:32 PM

Posted 02 August 2008 - 09:01 AM

Hello Dawgs

Welcome to BleepingComputer :thumbsup:
========================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 Dawgs

Dawgs
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:32 PM

Posted 02 August 2008 - 09:23 PM

Thanks for your help. Here are the results for main.txt

Deckard's System Scanner v20071014.68
Run by Ken on 2008-08-02 22:08:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-08-03 02:08:32 UTC - RP17 - Deckard's System Scanner Restore Point
11: 2008-08-03 01:41:15 UTC - RP16 - System Checkpoint
10: 2008-08-02 01:25:03 UTC - RP15 - Last known good configuration
9: 2008-08-02 01:24:55 UTC - RP14 - Last known good configuration
8: 2008-08-02 01:24:55 UTC - RP13 - Last known good configuration


-- First Restore Point --
1: 2008-08-02 01:24:54 UTC - RP6 - Installed iTunes


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 1.79 GiB (less than 15%) free.


-- HijackThis (run as Ken.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:34 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\HCWemMON.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\temp\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ken.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2303783D-4E16-493B-90AB-CE7D57BEA7C3} - C:\WINDOWS\system32\wvUnMeDW.dll
O2 - BHO: (no name) - {33595C82-7099-4A54-8AB6-38DC6018E8E9} - C:\WINDOWS\system32\qoMcdBrO.dll
O2 - BHO: {569bfdeb-3281-363a-fec4-df2108225774} - {47752280-12fd-4cef-a363-1823bedfb965} - C:\WINDOWS\system32\czglwq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F8AC36D7-F602-4B69-99B5-2A812E05779F} - C:\WINDOWS\system32\pmnmnlKe.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] c:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [40dd8b65] rundll32.exe "C:\WINDOWS\system32\djcvanip.dll",b
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} (MaxisGolfTeleX Control) - http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.freeworldgroup.com/games6/diner...tg.1.0.0.33.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.freeworldgroup.com/games6/weddi...sh.1.0.0.47.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - AppInit_DLLs: nivvwi.dll bzbqgn.dll lxvwnz.dll wzvizd.dll czglwq.dll
O20 - Winlogon Notify: pmnmnlKe - C:\WINDOWS\SYSTEM32\pmnmnlKe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11810 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SSHDRV65 - c:\windows\system32\drivers\sshdrv65.sys
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 dump_wmimmc - c:\windows\system32\drivers\dump_wmimmc.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 oUltraf - c:\documents and settings\chris\local settings\temp\oultraf.sys
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; IBM Corporation; SMI Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 IBM Rapid Restore Ultra Service - "c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe" <Not Verified; ; rrpcsb Module>
R2 ISSIMon (ISSI EZUpdate) - c:\sdwork\issimsvc.exe <Not Verified; IBM Global Services; >
R2 NetCfgSvr (Network Configuration Service) - c:\progra~1\at&tne~1\netcfgsv.exe <Not Verified; AT&T; NetCfgSvr Module>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton antivirus\navapsvc.exe" (file missing)
S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-02 and 2008-08-02 -----------------------------

2008-08-02 19:17:40 130432 --a------ C:\WINDOWS\system32\czglwq.dll
2008-08-02 19:17:36 130432 --a------ C:\WINDOWS\system32\dswcehjc.dll
2008-08-02 19:17:21 98688 --a------ C:\WINDOWS\system32\djcvanip.dll
2008-08-02 10:42:52 130432 --a------ C:\WINDOWS\system32\wzvizd.dll
2008-08-02 10:42:51 130432 --a------ C:\WINDOWS\system32\qwrtvvgu.dll
2008-08-01 22:29:26 129920 --a------ C:\WINDOWS\system32\lxvwnz.dll
2008-08-01 22:29:26 129920 --a------ C:\WINDOWS\system32\jsfmkjfr.dll
2008-08-01 21:27:48 129920 --a------ C:\WINDOWS\system32\bzbqgn.dll
2008-08-01 21:27:45 129920 --a------ C:\WINDOWS\system32\pxxbybtb.dll
2008-08-01 20:29:33 0 d-------- C:\Program Files\Trend Micro
2008-08-01 20:28:30 316536 --a------ C:\WINDOWS\system32\yayvSkji.dll
2008-08-01 14:22:48 129920 --a------ C:\WINDOWS\system32\nivvwi.dll
2008-08-01 14:22:47 129920 --a------ C:\WINDOWS\system32\jowpkxcr.dll
2008-08-01 14:19:46 789867 --ahs---- C:\WINDOWS\system32\OrBdcMoq.ini2
2008-08-01 14:19:39 322816 --a------ C:\WINDOWS\system32\qoMcdBrO.dll
2008-07-31 23:01:38 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-31 22:59:21 120960 --a------ C:\WINDOWS\system32\ttmnmy.dll
2008-07-31 22:59:20 120960 --a------ C:\WINDOWS\system32\yqeblikd.dll
2008-07-31 21:00:58 120960 --a------ C:\WINDOWS\system32\erjclp.dll
2008-07-31 21:00:57 120960 --a------ C:\WINDOWS\system32\poywbkvj.dll
2008-07-30 22:51:58 0 --a------ C:\WINDOWS\system32\vxsxdcvt.dll
2008-07-30 22:50:07 347 --ahs---- C:\WINDOWS\system32\ybdeKkkj.ini2
2008-07-30 22:49:43 323328 --a------ C:\WINDOWS\system32\jkkKedby.dll
2008-07-30 21:37:53 0 --a------ C:\WINDOWS\system32\efkhfvfr.dll
2008-07-30 21:37:45 0 --a------ C:\WINDOWS\system32\mrqxragu.dll
2008-07-30 21:27:40 0 --a------ C:\WINDOWS\system32\ghekkq.dll
2008-07-30 21:27:39 0 --a------ C:\WINDOWS\system32\nybcnucg.dll
2008-07-30 21:26:45 0 --a------ C:\WINDOWS\system32\dhjupoxp.dll
2008-07-30 19:00:58 0 d-------- C:\Documents and Settings\Pat\Application Data\Adobe
2008-07-30 13:50:05 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-30 13:47:12 0 d-------- C:\Program Files\NCH Software
2008-07-30 13:33:53 0 --a------ C:\WINDOWS\system32\xjgfyodp.dll
2008-07-30 13:30:31 0 --a------ C:\WINDOWS\system32\shoxtl.dll
2008-07-30 13:30:30 0 --a------ C:\WINDOWS\system32\vyeenbcu.dll
2008-07-29 23:59:11 0 --a------ C:\WINDOWS\system32\elzfju.dll
2008-07-29 23:59:10 0 --a------ C:\WINDOWS\system32\tlvglhht.dll
2008-07-29 23:42:31 630169 --ahs---- C:\WINDOWS\system32\nXbKnnnn.ini2
2008-07-29 23:38:20 0 --a------ C:\WINDOWS\system32\nnnnKbXn.dll
2008-07-29 20:58:19 0 d-------- C:\Program Files\iPod
2008-07-29 20:58:01 0 d-------- C:\Program Files\iTunes
2008-07-29 13:30:59 0 --a------ C:\WINDOWS\system32\wkmctz.dll
2008-07-29 11:26:41 0 d-------- C:\Program Files\Bonjour
2008-07-28 14:02:31 0 d-------- C:\Documents and Settings\Nick\Application Data\LimeWire
2008-07-28 14:01:48 0 d-------- C:\Program Files\LimeWire
2008-07-28 13:26:45 0 --a------ C:\WINDOWS\system32\nnshyx.dll
2008-07-28 13:26:41 0 --a------ C:\WINDOWS\system32\embyurln.dll
2008-07-28 13:23:37 0 --a------ C:\WINDOWS\system32\sploqixl.dll
2008-07-27 21:29:47 0 d-------- C:\Program Files\SynchStep Prep
2008-07-27 16:53:39 631012 --ahs---- C:\WINDOWS\system32\yIjjQXbc.ini2
2008-07-27 16:53:30 0 --a------ C:\WINDOWS\system32\cbXQjjIy.dll
2008-07-26 18:38:32 0 d-------- C:\WINDOWS\pss
2008-07-26 13:27:27 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-07-26 12:21:54 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-26 12:18:02 116864 --a------ C:\WINDOWS\system32\ngzprd.dll
2008-07-26 12:18:01 116864 --a------ C:\WINDOWS\system32\axoktynj.dll
2008-07-26 12:02:28 116864 --a------ C:\WINDOWS\system32\cllsrv.dll
2008-07-26 12:02:24 116864 --a------ C:\WINDOWS\system32\xfuycdks.dll
2008-07-19 22:16:38 93184 --a------ C:\WINDOWS\system32\cbtrrqiy.dll
2008-07-19 00:16:35 66831002 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-07-18 19:59:13 93184 -----n--- C:\WINDOWS\system32\axwmknps.dll
2008-07-18 18:45:36 0 d-------- C:\Documents and Settings\Chris\Application Data\Adobe
2008-07-18 17:27:50 0 d-------- C:\WINDOWS\system32\s?curity
2008-07-18 12:00:26 358 --ahs---- C:\WINDOWS\system32\rruENqss.ini2
2008-07-17 22:07:19 0 d-------- C:\Documents and Settings\Ken\Application Data\Adobe
2008-07-17 19:44:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-17 19:44:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-17 16:54:53 0 d-------- C:\Program Files\Sakora
2008-07-17 16:44:08 92672 --a------ C:\WINDOWS\system32\socrnbsk.dll
2008-07-17 16:43:40 116352 --a------ C:\WINDOWS\system32\dmvigc.dll
2008-07-17 16:43:38 116352 --a------ C:\WINDOWS\system32\kowpobko.dll
2008-07-17 16:43:06 0 d-------- C:\Program Files\mjc
2008-07-16 15:12:00 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-16 14:05:49 0 d-------- C:\WINDOWS\wfuu
2008-07-16 14:05:49 0 d-------- C:\Program Files\Common Files\wfuu
2008-07-16 14:00:25 0 d-------- C:\WINDOWS\system32\??curity
2008-07-16 13:54:50 0 d-------- C:\Documents and Settings\Nick\Application Data\SpeedRunner
2008-07-16 13:44:18 0 d-------- C:\Program Files\Webtools
2008-07-16 13:44:18 0 d-------- C:\Program Files\Temporary
2008-07-16 13:41:13 92672 --a------ C:\WINDOWS\system32\xiluhgfv.dll
2008-07-13 10:50:19 116864 --a------ C:\WINDOWS\system32\tngrdv.dll
2008-07-13 10:50:17 116864 --a------ C:\WINDOWS\system32\bpeviwer.dll
2008-07-13 10:47:45 93184 --a------ C:\WINDOWS\system32\vnqlsbkd.dll
2008-07-12 13:30:42 33152 --a------ C:\WINDOWS\system32\mlJAqQKc.dll
2008-07-12 13:30:38 33152 --a------ C:\WINDOWS\system32\jkkLDssT.dll
2008-07-12 13:26:30 33152 --a------ C:\WINDOWS\system32\awtusTkl.dll
2008-07-12 13:26:27 33152 --a------ C:\WINDOWS\system32\jkkLFXRl.dll
2008-07-12 09:49:05 5262 --ahs---- C:\WINDOWS\system32\WDeMnUvw.ini2
2008-07-12 09:48:44 322816 --a------ C:\WINDOWS\system32\wvUnMeDW.dll
2008-07-12 09:43:27 33152 --a------ C:\WINDOWS\system32\iifgFwuU.dll
2008-07-12 09:43:26 33152 --a------ C:\WINDOWS\system32\pmnmnlKe.dll
2008-07-02 19:17:21 0 d-------- C:\R4 Starter Pack


-- Find3M Report ---------------------------------------------------------------

2008-08-02 22:10:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-02 16:46:57 0 d-------- C:\Program Files\Diablo II
2008-08-01 22:47:09 40 --a------ C:\WINDOWS\system32\profile.dat
2008-07-29 15:26:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 12:59:14 0 d-------- C:\Program Files\QuickTime
2008-07-29 11:20:02 0 d-------- C:\Program Files\Apple Software Update
2008-07-27 19:35:41 0 d-------- C:\Program Files\Java
2008-07-27 19:27:26 0 d-------- C:\Program Files\AT&T Network client
2008-07-26 22:51:43 0 d-------- C:\Program Files\Symantec
2008-07-26 22:51:26 0 d-------- C:\Program Files\Common Files
2008-07-18 20:01:00 0 d-------- C:\Documents and Settings\Ken\Application Data\Mozilla
2008-07-17 21:55:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-01 15:13:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-30 22:32:03 35775 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-30 22:30:50 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 22:30:50 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-30 22:30:50 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-30 22:06:01 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-30 22:06:01 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-30 19:00:50 0 d-------- C:\Program Files\yGen
2008-06-30 19:00:32 2495281 --a------ C:\yGen_65434.exe <Not Verified; Spacejock Software; >
2008-06-29 22:02:59 0 d-------- C:\Program Files\GlobalSCAPE
2008-06-29 21:24:58 0 d-------- C:\Program Files\FAR
2008-06-29 20:20:42 0 d-------- C:\Program Files\WinSCP
2008-06-27 17:39:34 0 d-------- C:\Program Files\Ascaron Entertainment
2008-06-27 16:43:20 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-06-27 16:19:21 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-26 22:50:55 0 d-------- C:\Program Files\ezwall
2008-06-25 15:37:33 1206366 --a------ C:\winrar.exe
2008-06-22 15:37:39 0 d-------- C:\Program Files\uTorrent
2008-06-20 15:55:03 0 d-------- C:\Program Files\Dreamlords


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2303783D-4E16-493B-90AB-CE7D57BEA7C3}]
07/12/2008 09:48 AM 322816 --a------ C:\WINDOWS\system32\wvUnMeDW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33595C82-7099-4A54-8AB6-38DC6018E8E9}]
08/01/2008 02:19 PM 322816 --a------ C:\WINDOWS\system32\qoMcdBrO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47752280-12fd-4cef-a363-1823bedfb965}]
08/02/2008 07:17 PM 130432 --a------ C:\WINDOWS\system32\czglwq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8AC36D7-F602-4B69-99B5-2A812E05779F}]
07/12/2008 09:43 AM 33152 --a------ C:\WINDOWS\system32\pmnmnlKe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [07/27/2004 04:48 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [08/06/2004 11:27 AM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [07/14/2004 07:34 PM]
"UC_SMB"="" []
"@"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [12/11/2004 12:03 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [09/02/2004 04:05 AM]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 04:01 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"IBMPRC"="c:\IBMTOOLS\UTILS\ibmprc.exe" [12/16/2004 06:41 AM]
"Mouse Suite 98 Daemon"="ICO.EXE" [07/14/2004 06:36 PM C:\WINDOWS\system32\ico.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [08/24/2005 03:50 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [08/24/2005 03:47 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [08/24/2005 03:51 PM]
"emMON"="HCWemMON.exe" [05/31/2006 12:24 PM C:\WINDOWS\HCWemMON.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [03/20/2006 01:37 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [03/14/2007 07:49 PM]
"stgclean"="c:\sdwork\w32main2.exe" [04/14/2008 09:44 AM]
"40dd8b65"="C:\WINDOWS\system32\djcvanip.dll" [08/02/2008 07:17 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [12/11/2004 12:03 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}\_18be6784.exe [9/15/2005 12:33:08 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F8AC36D7-F602-4B69-99B5-2A812E05779F}"= C:\WINDOWS\system32\pmnmnlKe.dll [07/12/2008 09:43 AM 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmnlKe]
pmnmnlKe.dll 07/12/2008 09:43 AM 33152 C:\WINDOWS\system32\pmnmnlKe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=nivvwi.dll bzbqgn.dll lxvwnz.dll wzvizd.dll czglwq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUnMeDW
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1147987455\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

*Newly Created Service* - EGATHDRV



-- End of Deckard's System Scanner: finished at 2008-08-02 22:13:36 ------------

*******************************************************************************
Here are the results for extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.93GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 502.48 MiB / 172.26 MiB
Pagefile Memory (total/avail): 1227.09 MiB / 633.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 33.89 GiB total, 1.78 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 149.05 GiB total, 106.88 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340014AS 40Y8750LEN - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 33.89 GiB - C:
\PARTITION1 - Unknown - 3.38 GiB

\\.\PHYSICALDRIVE1 - WDC WD1600AAJB-00PVA0 - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2005 (Symantec)
FW: Symantec Client Firewall v8.7.4.110 (Symantec Corporation)
AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Configuration"
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"="C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe:*:Disabled:Microsoft Broadband Networking Update Utility"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\\Program Files\\TimeGate Studios\\Kohan II Kings of War\\k2.exe"="C:\\Program Files\\TimeGate Studios\\Kohan II Kings of War\\k2.exe:*:Disabled:k2"
"C:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"="C:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Guild Wars\\Gw.exe"="C:\\Program Files\\Guild Wars\\Gw.exe:*:Disabled:Guild Wars"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Kylotonn Entertainment\\Bet on Soldier\\BoS.exe"="C:\\Program Files\\Kylotonn Entertainment\\Bet on Soldier\\BoS.exe:*:Enabled:BoS"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\BYOND\\bin\\dreamseeker.exe"="C:\\Program Files\\BYOND\\bin\\dreamseeker.exe:*:Enabled:dreamseeker"
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\patchget.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\patchget.dat:*:Enabled:patchgrabber"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1147987455\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1147987455\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1147987455\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1147987455\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\Fonts\\lsass.exe"="C:\\WINDOWS\\Fonts\\lsass.exe:*:Disabled:Guild Wars Hacks "
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Dreamlords\\dreamlords.exe"="C:\\Program Files\\Dreamlords\\dreamlords.exe:*:Enabled:Dreamlords Game Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"E:\\Neverwinter Nights 2\\nwn2main.exe"="E:\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"E:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="E:\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"E:\\Neverwinter Nights 2\\nwupdate.exe"="E:\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"E:\\Neverwinter Nights 2\\nwn2server.exe"="E:\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\Diablo II\\Diablo II.exe"="C:\\Program Files\\Diablo II\\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction"
"C:\\Program Files\\AT&T Network client\\NetClient.exe"="C:\\Program Files\\AT&T Network client\\NetClient.exe:*:Enabled:Network access client"
"C:\\sdwork\\W32MAIN2.EXE"="C:\\sdwork\\W32MAIN2.EXE:*:Enabled:OSP Windows 32-bit ESD API"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ken\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IBM-9723275FABF
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ken
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\IBM-9723275FABF
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\Downloaded Program Files;c:\Program Files\PC-Doctor for Windows\;C:\IBMTOOLS\Python22;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONCASEOK=1
PYTHONPATH=C:\IBMTOOLS\utils\support;C:\IBMTOOLS\utils\logger
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
RRU=c:\Program Files\IBM\IBM Rapid Restore Ultra\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TCL_LIBRARY=C:\IBMTOOLS\Python22\tcl\tcl8.4
TEMP=C:\DOCUME~1\Ken\LOCALS~1\Temp
TK_LIBRARY=C:\IBMTOOLS\Python22\tcl\tk8.4
TMP=C:\DOCUME~1\Ken\LOCALS~1\Temp
USERDOMAIN=IBM-9723275FABF
USERNAME=Ken
USERPROFILE=C:\Documents and Settings\Ken
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ken (admin)
Lori (admin)
Pat (admin)
Chris (admin)
Nick (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 Decoder (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"
Access IBM --> MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Access IBM Message Center --> MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Toolbar 5.0 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AT&T Network Client --> C:\Program Files\AT&T Network client\NetUN.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CD Label Designer 3.3 --> "C:\Program Files\CD Label Designer\UninsHs.exe" /u=CD Label Designer
Cucusoft DVD to iPod Converter 7.07 --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
Data Lifeguard Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD X Copy Platinum 4.0.3 --> "C:\Program Files\321Studios\Platinum\uninstall.exe"
DVD X Rescue --> C:\PROGRA~1\321STU~1\DVDXRE~1\UNWISE.EXE C:\PROGRA~1\321STU~1\DVDXRE~1\INSTALL.LOG
Easy Wallpaper WorkShop --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\ezwall\ST5UNST.LOG"
Eragon Characters Screen Saver --> C:\WINDOWS\system32\Eragon Characters.scr /u
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hauppauge English Help Files and Resources --> C:\PROGRA~1\WinTV\UNHLPeng.EXE C:\PROGRA~1\WinTV\WTV2Keng.LOG
Hauppauge WinTV Scheduler --> C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.log
Hauppauge WinTV Soft PVR --> C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.1 - Scanjet 2400 Series --> MsiExec.exe /I{6F7ECD56-E224-4263-9B7E-158E5CECC43B}
HWC Codec Pack --> "C:\WINDOWS\system32\hauppauge\SMD07\Uninstall.exe" "C:\WINDOWS\system32\hauppauge\SMD07\install.log" -u
IBM 32-bit Runtime Environment for Java 2, v1.4.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
IBM DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Rescue and Recovery with Rapid Restore --> MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM Update Connector --> MsiExec.exe /X{8D815BF3-2399-459C-B121-49373FEFB9E8}
Imagicon --> C:\Program Files\Devious Codeworks\Imagicon\Uninstall.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
iTunes --> MsiExec.exe /I{8610BEA1-FD76-4340-8326-7946DDC2EE7B}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Joost ™ 0.12.0 --> C:\Program Files\Joost\uninst.exe
Jumper Movie Screensaver --> "C:\Program Files\Jumper Movie Screensaver\unins000.exe"
Lexmark Photo Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{523BD5B6-E904-493C-B902-1BC9B7D44DF4} /l1033
Lexmark Z700-P700 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Broadband Networking --> MsiExec.exe /I{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Mouse Suite --> PMUninst.exe MouseSuite98
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Ken\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
Online Manuals for WinTV (English) --> C:\PROGRA~1\WinTV\UNTVmans.exe C:\PROGRA~1\WinTV\WinTVMan.LOG
PC-Doctor for Windows --> c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Prism Video Converter --> C:\Program Files\NCH Software\Prism\uninst.exe
PSP Max Media Manager --> "C:\Program Files\Datel\PSP Max Media Manager\unins000.exe"
Quest 3.53 --> "C:\Program Files\Quest\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Sacred --> "C:\Program Files\Ascaron Entertainment\Sacred\unins000.exe"
Samsung USB Driver (MCCI 4.16) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1485ABFA-12D7-4107-9148-54EE30CDBA67}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Symantec Client Security --> MsiExec.exe /I{D0E46FF4-2775-4BD9-9467-B62B702D470E}
Videora iPod Converter 3.07 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.7 --> "C:\Program Files\WinSCP\unins000.exe"
WinSCP plugin for FAR 1.5.1 --> "C:\Program Files\FAR\Plugins\WinSCP\unins000.exe"
yGen --> "C:\Program Files\yGen\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type19186 / Error
Event Submitted/Written: 08/02/2008 10:13:21 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\cbXQjjIy.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type19185 / Error
Event Submitted/Written: 08/02/2008 10:13:19 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\cbXQjjIy.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type19181 / Error
Event Submitted/Written: 08/02/2008 10:10:45 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\windows\system32\??curity\explorer.exe by: Startup scan. Action: Terminate Process Required. Action Description:

Event Record #/Type19180 / Error
Event Submitted/Written: 08/02/2008 10:10:39 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\windows\system32\??curity\explorer.exe by: Startup scan. Action: Quarantine failed. Action Description: The file was left unchanged.

Event Record #/Type19171 / Warning
Event Submitted/Written: 08/02/2008 09:58:18 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMade method on subscription {CD1DCBD6-A14D-4823-A0D2-8473AFDE360F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20302 / Warning
Event Submitted/Written: 08/02/2008 09:55:25 PM / 08/02/2008 09:56:29 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type20297 / Error
Event Submitted/Written: 08/02/2008 09:45:42 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the UMWdf service.

Event Record #/Type20296 / Error
Event Submitted/Written: 08/02/2008 09:45:42 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.

Event Record #/Type20295 / Error
Event Submitted/Written: 08/02/2008 09:43:36 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.

Event Record #/Type20294 / Error
Event Submitted/Written: 08/02/2008 09:04:05 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll.
Reference error message: Error Message is unavailable
.



-- End of Deckard's System Scanner: finished at 2008-08-02 22:13:36 ------------

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 02 August 2008 - 10:39 PM

You are welcome. Please disable all components of Norton before running Combofix.
You can right click on the Norton icon in your system tray next to the clock and click on disable or turn off.
======================
Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
This includes installing the Windows Recovery Console. Vista users do not need to do this.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 Dawgs

Dawgs
  • Topic Starter

  • Members
  • 9 posts

Posted 03 August 2008 - 01:22 PM

I had to run combofix twice; the first time it never completed. The two logs are below.

Here is the ComboFix log. Thanks for your help!

ComboFix 08-08-02.01 - Ken 2008-08-03 13:53:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.160 [GMT -4:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jbnsbnqk.ini
.
---- Previous Run -------
.
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\#SharedObjects\BSBFLL26\interclick.com
C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\#SharedObjects\BSBFLL26\interclick.com\ud.sol
C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\#SharedObjects\BSBFLL26\www.broadcaster.com
C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Nick\Application Data\SpeedRunner
C:\Documents and Settings\Nick\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\mjc
C:\Program Files\Sakora
C:\Program Files\Sakora\Sakora.exe
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aaopfdhf.ini
C:\WINDOWS\system32\atnwtmnm.ini
C:\WINDOWS\system32\awtusTkl.dll
C:\WINDOWS\system32\axoktynj.dll
C:\WINDOWS\system32\axwmknps.dll
C:\WINDOWS\system32\bpeviwer.dll
C:\WINDOWS\system32\cbtrrqiy.dll
C:\WINDOWS\system32\cllsrv.dll
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\curity~1\??curity\
C:\WINDOWS\system32\curity~1\explorer.exe
C:\WINDOWS\system32\dkbslqnv.ini
C:\WINDOWS\system32\dmvigc.dll
C:\WINDOWS\system32\eKTsuBeg.ini
C:\WINDOWS\system32\erjclp.dll
C:\WINDOWS\system32\gaxtawnc.ini
C:\WINDOWS\system32\gopwqems.ini
C:\WINDOWS\system32\hhjdykmt.ini
C:\WINDOWS\system32\idjdfrhh.ini
C:\WINDOWS\system32\iifgFwuU.dll
C:\WINDOWS\system32\iijigffu.ini
C:\WINDOWS\system32\jbnsbnqk.ini
C:\WINDOWS\system32\jkkKedby.dll
C:\WINDOWS\system32\jkkLDssT.dll
C:\WINDOWS\system32\jkkLFXRl.dll
C:\WINDOWS\system32\kowpobko.dll
C:\WINDOWS\system32\ksbnrcos.ini
C:\WINDOWS\system32\lxiqolps.ini
C:\WINDOWS\system32\lypawbnj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjjxppom.ini
C:\WINDOWS\system32\mlJAqQKc.dll
C:\WINDOWS\system32\moqsipnr.ini
C:\WINDOWS\system32\ngzprd.dll
C:\WINDOWS\system32\nXbKnnnn.ini
C:\WINDOWS\system32\nXbKnnnn.ini2
C:\WINDOWS\system32\pinavcjd.ini
C:\WINDOWS\system32\pmnmnlKe.dll
C:\WINDOWS\system32\poywbkvj.dll
C:\WINDOWS\system32\qoMcdBrO.dll
C:\WINDOWS\system32\rruENqss.ini
C:\WINDOWS\system32\rruENqss.ini2
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\scurit~1\?srss.exe
C:\WINDOWS\system32\socrnbsk.dll
C:\WINDOWS\system32\spnkmwxa.ini
C:\WINDOWS\system32\tngrdv.dll
C:\WINDOWS\system32\ttmnmy.dll
C:\WINDOWS\system32\uieavrdf.ini
C:\WINDOWS\system32\ungshrtf.ini
C:\WINDOWS\system32\vfghulix.ini
C:\WINDOWS\system32\vnqlsbkd.dll
C:\WINDOWS\system32\vuhpwiog.ini
C:\WINDOWS\system32\WDeMnUvw.ini
C:\WINDOWS\system32\WDeMnUvw.ini2
C:\WINDOWS\system32\wvUnMeDW.dll
C:\WINDOWS\system32\xfuycdks.dll
C:\WINDOWS\system32\xiluhgfv.dll
C:\WINDOWS\system32\xvywsyxt.ini
C:\WINDOWS\system32\yayvSkji.dll
C:\WINDOWS\system32\ybdeKkkj.ini
C:\WINDOWS\system32\ybdeKkkj.ini2
C:\WINDOWS\system32\yIjjQXbc.ini
C:\WINDOWS\system32\yIjjQXbc.ini2
C:\WINDOWS\system32\yiqrrtbc.ini
C:\WINDOWS\system32\yqeblikd.dll
C:\winrar.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OULTRAF
-------\Service_oUltraf
-------\Legacy_OULTRAF


((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-03 12:44 . 2008-08-03 12:44 1,380,352 --a------ C:\WINDOWS\system32\pinavcjd.tmp
2008-08-03 12:25 . 2008-08-03 12:25 2,677,049 --a------ C:\temp\ComboFix.exe
2008-08-03 11:19 . 2008-08-03 11:19 130,432 --a------ C:\WINDOWS\system32\vpmfdd.dll
2008-08-03 11:19 . 2008-08-03 11:19 130,432 --a------ C:\WINDOWS\system32\ooahjmue.dll
2008-08-03 11:18 . 2008-08-03 11:18 98,688 --a------ C:\WINDOWS\system32\kqnbsnbj.dll
2008-08-02 22:07 . 2008-08-02 22:07 <DIR> d-------- C:\Deckard
2008-08-02 22:07 . 2008-08-02 22:07 686,630 --a------ C:\temp\dss.exe
2008-08-02 19:17 . 2008-08-02 19:17 130,432 --a------ C:\WINDOWS\system32\dswcehjc.dll
2008-08-02 19:17 . 2008-08-02 19:17 130,432 --a------ C:\WINDOWS\system32\czglwq.dll
2008-08-02 10:42 . 2008-08-02 10:42 130,432 --a------ C:\WINDOWS\system32\wzvizd.dll
2008-08-02 10:42 . 2008-08-02 10:42 130,432 --a------ C:\WINDOWS\system32\qwrtvvgu.dll
2008-08-01 22:29 . 2008-08-01 22:29 129,920 --a------ C:\WINDOWS\system32\jsfmkjfr.dll
2008-08-01 21:27 . 2008-08-01 21:27 129,920 --a------ C:\WINDOWS\system32\pxxbybtb.dll
2008-08-01 20:29 . 2008-08-01 20:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-01 14:22 . 2008-08-01 14:22 129,920 --a------ C:\WINDOWS\system32\jowpkxcr.dll
2008-07-31 23:02 . 2008-07-31 23:02 173,456 --a------ C:\temp\FixVundo.exe
2008-07-30 13:50 . 2008-07-30 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-30 13:47 . 2008-07-30 13:47 <DIR> d-------- C:\Program Files\NCH Software
2008-07-29 20:58 . 2008-07-29 20:58 <DIR> d-------- C:\Program Files\iTunes
2008-07-29 20:58 . 2008-07-29 20:58 <DIR> d-------- C:\Program Files\iPod
2008-07-29 11:26 . 2008-07-29 11:26 <DIR> d-------- C:\Program Files\Bonjour
2008-07-28 14:02 . 2008-08-03 11:35 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\LimeWire
2008-07-28 14:01 . 2008-08-03 11:36 <DIR> d-------- C:\Program Files\LimeWire
2008-07-27 21:29 . 2008-07-27 21:37 <DIR> d-------- C:\Program Files\SynchStep Prep
2008-07-27 19:35 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-26 22:50 . 2008-07-26 22:51 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-26 22:50 . 2008-07-26 22:51 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-26 12:21 . 2008-07-26 12:22 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-19 00:16 . 2008-07-19 00:17 66,831,002 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-07-17 16:50 . 2008-07-17 16:50 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
2008-07-16 14:12 . 2008-07-16 14:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-07-16 14:05 . 2008-07-16 14:05 <DIR> d-------- C:\WINDOWS\wfuu
2008-07-16 14:05 . 2008-07-17 22:26 <DIR> d-------- C:\Program Files\Common Files\wfuu
2008-07-16 13:44 . 2008-07-17 19:32 <DIR> d-------- C:\Program Files\Webtools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 17:42 --------- d-----w C:\Documents and Settings\Nick\Application Data\uTorrent
2008-08-03 16:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-02 20:46 --------- d-----w C:\Program Files\Diablo II
2008-07-29 19:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 16:59 --------- d-----w C:\Program Files\QuickTime
2008-07-29 15:20 --------- d-----w C:\Program Files\Apple Software Update
2008-07-27 23:35 --------- d-----w C:\Program Files\Java
2008-07-27 23:27 --------- d-----w C:\Program Files\AT&T Network client
2008-07-27 02:51 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-27 02:51 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-27 02:51 --------- d-----w C:\Program Files\Symantec
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-01 19:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-01 19:13 --------- d-----w C:\Documents and Settings\Nick\Application Data\AdobeUM
2008-07-01 02:30 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-01 02:30 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-01 02:30 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-01 02:06 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-07-01 02:06 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-30 23:06 391,197 ----a-w C:\d2-cdkey.zip
2008-06-30 23:05 641,676 ----a-w C:\lod28b1.zip
2008-06-30 23:00 2,495,281 ----a-w C:\yGen_65434.exe
2008-06-30 23:00 --------- d-----w C:\Program Files\yGen
2008-06-30 22:30 6,131 ----a-w C:\free_cdkeys.zip
2008-06-30 02:02 --------- d-----w C:\Program Files\GlobalSCAPE
2008-06-30 01:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-06-30 01:51 --------- d-----w C:\Documents and Settings\Nick\Application Data\GlobalSCAPE
2008-06-30 01:24 --------- d-----w C:\Program Files\FAR
2008-06-30 00:20 --------- d-----w C:\Program Files\WinSCP
2008-06-28 21:56 361,428 ----a-w C:\narutoshippuuden.zip
2008-06-28 21:56 14,476,142 ----a-w C:\0434_New_Super_Mario_Bros_USA_NDS-pSyDS.zip
2008-06-28 21:53 12,127,254 ----a-w C:\0037_Super_Mario_64_DS_PROPER_USA_NDS-TRM.zip
2008-06-28 18:57 19,281,675 ----a-w C:\0168_Mario_Kart_DS_USA_NDS-SCZ.zip
2008-06-28 18:51 43,274,838 ----a-w C:\Mario_Hoops_3_on_3.zip
2008-06-28 17:59 21,728,978 ----a-w C:\0223_Animal_Crossing_Wild_World_.zip
2008-06-28 17:56 69,597,065 ----a-w C:\R4 Starter Pack.zip
2008-06-27 21:45 120,320 ----a-w C:\WINDOWS\system32\drivers\SSHDRV65.sys
2008-06-27 21:39 --------- d-----w C:\Program Files\Ascaron Entertainment
2008-06-27 21:03 4,451,728 ----a-w C:\isobuster_all_lang.exe
2008-06-27 20:43 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-06-27 20:19 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-27 20:09 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-27 20:09 --------- d-----w C:\Documents and Settings\Nick\Application Data\DAEMON Tools
2008-06-27 20:08 3,702,216 ----a-w C:\daemon4123-lite.exe
2008-06-27 02:50 --------- d-----w C:\Program Files\ezwall
2008-06-22 19:37 --------- d-----w C:\Program Files\uTorrent
2008-06-20 19:55 --------- d-----w C:\Program Files\Dreamlords
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 01:17 --------- d-----w C:\Documents and Settings\Nick\Application Data\Dreamlords
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-30 18:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-01-22 22:54 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-09-01 14:07 0 ---ha-w C:\Documents and Settings\Lori\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8e34ed06-25f6-43ea-afd4-f3ce460d0434}]
2008-08-03 11:19 130432 --a------ C:\WINDOWS\system32\vpmfdd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 00:03 446464]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 16:48 1388544]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2004-07-14 19:34 36864]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-12-11 00:03 446464]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 04:05 127035]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"IBMPRC"="c:\IBMTOOLS\UTILS\ibmprc.exe" [2004-12-16 06:41 90112]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 15:50 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 15:47 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 15:51 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2006-03-20 13:37 195584]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 19:49 125632]
"stgclean"="c:\sdwork\w32main2.exe" [2008-04-14 09:44 272896]
"40dd8b65"="C:\WINDOWS\system32\kqnbsnbj.dll" [2008-08-03 11:18 98688]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 18:36 57344 C:\WINDOWS\system32\ico.exe]
"emMON"="HCWemMON.exe" [2006-05-31 12:24 61440 C:\WINDOWS\HCWemMON.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}\_18be6784.exe [2005-09-15 00:33:08 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\Launch\aollaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\1147987455\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-05 18:03 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 13:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Guild Wars\\Gw.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1147987455\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1147987455\\ee\\aim6.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Dreamlords\\dreamlords.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Neverwinter Nights 2\\nwn2main.exe"=
"E:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"E:\\Neverwinter Nights 2\\nwupdate.exe"=
"E:\\Neverwinter Nights 2\\nwn2server.exe"=
"C:\\Program Files\\Diablo II\\Diablo II.exe"=
"C:\\Program Files\\AT&T Network client\\NetClient.exe"=
"C:\\sdwork\\W32MAIN2.EXE"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2008-06-27 17:45]
R2 ibmfilter;ibmfilter;c:\WINDOWS\system32\drivers\ibmfilter.sys [2004-12-16 07:12]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 ABVPN2K;Net Firewall Miniport Interface;C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2004-02-16 15:56]
R3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]
R3 MSFT43XX;Microsoft Wireless Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\mn720-50.sys [2003-07-18 03:05]
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16:55]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 16:25]
S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys [2007-06-13 10:28]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-13 12:21]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-09-13 12:21]

*Newly Created Service* - ISLNDIS5
.
- - - - ORPHANS REMOVED - - - -

BHO-{09BA2602-8837-4A98-8590-FDC910B6BD23} - C:\WINDOWS\system32\wvUnMeDW.dll
HKLM-Run-UC_SMB - (no file)
Notify-pmnmnlKe - pmnmnlKe.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\2ukok6qh.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 13:58:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\jbnsbnqk.ini 1382137 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\kqnbsnbj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\PELMICED.EXE
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-03 14:05:58 - machine was rebooted [Ken]
ComboFix-quarantined-files.txt 2008-08-03 18:05:52

Pre-Run: 4,841,439,232 bytes free
Post-Run: 4,769,816,576 bytes free

372 --- E O F --- 2008-07-09 03:01:56



-----------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------
Here is the HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:05 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\HCWemMON.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {4340d064-ec3f-4dfa-ae34-6f5260de43e8} - {8e34ed06-25f6-43ea-afd4-f3ce460d0434} - C:\WINDOWS\system32\vpmfdd.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] c:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [40dd8b65] rundll32.exe "C:\WINDOWS\system32\kqnbsnbj.dll",b
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} (MaxisGolfTeleX Control) - http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.freeworldgroup.com/games6/diner...tg.1.0.0.33.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.freeworldgroup.com/games6/weddi...sh.1.0.0.47.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11139 bytes

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:10:32 PM

Posted 03 August 2008 - 01:45 PM

It appears you may have been using cracked software, by the looks of some files in your logs. These are a sure way to get infected, and I do NOT recommend the continued use of these types of software.
=====================================
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:


Collect::
C:\WINDOWS\system32\kqnbsnbj.dll
C:\WINDOWS\system32\pinavcjd.tmp
C:\WINDOWS\system32\vpmfdd.dll
C:\WINDOWS\system32\ooahjmue.dll
C:\WINDOWS\system32\kqnbsnbj.dll
C:\WINDOWS\system32\dswcehjc.dll
C:\WINDOWS\system32\czglwq.dll
C:\WINDOWS\system32\wzvizd.dll
C:\WINDOWS\system32\qwrtvvgu.dll
C:\WINDOWS\system32\jsfmkjfr.dll
C:\WINDOWS\system32\pxxbybtb.dll
C:\WINDOWS\system32\jowpkxcr.dll
Rootkit::
C:\WINDOWS\system32\jbnsbnqk.ini 
File::
C:\yGen_65434.exe
Folder::
C:\Program Files\Viewpoint
C:\WINDOWS\wfuu
C:\Program Files\Common Files\wfuu
C:\d2-cdkey.zip
C:\free_cdkeys.zip
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8e34ed06-25f6-43ea-afd4-f3ce460d0434}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"40dd8b65"=-
Driver::
Viewpoint Manager Service

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. Additionally, ComboFix will generate the following files on your desktop
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
6. ComboFix may need to reboot to finish its work. Let it.

7. When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

8. If CF-Submit.htm is detected, ComboFix will generate this message box:


Clicking OK will cause the machine's browser to load CF-Submit.htm


9. Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
10. Once the file has been submitted, please DELETE both files on your desktop.

11. Post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log (run after ComboFix has finished its work.)

Edited by kahdah, 03 August 2008 - 01:46 PM.
syntax

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
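The CFScript above is a plain text file with `::`-terminated section headers (Collect, Rootkit, File, Folder, Registry, Driver), and the HijackThis entries it targets are the ones in the O2/O4/O23 lines of the log. As an added example that is not part of this thread and not code from the HijackThis or ComboFix authors, the Python below parses such a script, parses HijackThis entries, and reports which log lines the script would touch plus two generic weak spots worth a second look (a service whose binary is missing, and a Run entry that names a bare executable resolved through the search path). The sample script and log lines are constructed from entries visible in the thread; the O2 line pairing the BHO CLSID from the Registry section with kqnbsnbj.dll is a constructed pairing, not something the thread shows.

```python
"""Triage helper for HijackThis logs and ComboFix CFScript sections.

Added example; not part of the forum thread or of HijackThis/ComboFix.
Line layouts assumed are the ones visible in the thread's logs.
"""
import re
from collections import defaultdict

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = " (file missing)"

# Constructed CFScript (subset of the one posted above).
CFSCRIPT = r"""Collect::
C:\WINDOWS\system32\kqnbsnbj.dll
C:\WINDOWS\system32\vpmfdd.dll
File::
C:\yGen_65434.exe
Folder::
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8e34ed06-25f6-43ea-afd4-f3ce460d0434}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"40dd8b65"=-
Driver::
Viewpoint Manager Service
"""

# Constructed HijackThis lines; the first O2 line is a constructed pairing.
SAMPLE_LOG = [
    r'O2 - BHO: (no name) - {8e34ed06-25f6-43ea-afd4-f3ce460d0434} - C:\WINDOWS\system32\kqnbsnbj.dll',
    r'O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll',
    r'O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE',
    r'O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)',
    r'O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe',
    r'O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe',
]


def parse_cfscript(text):
    """Split a CFScript into its '::' sections; entries keep their original text."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return dict(sections)


def _exe_from_command(cmd):
    """First token of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def parse_hjt_line(line):
    """Return a dict for one HijackThis entry line, or None for other lines."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    entry = {"kind": kind, "name": None, "path": None, "clsid": None, "missing": False}
    c = CLSID_RE.search(body)
    if c:
        entry["clsid"] = c.group(0).lower()
    if kind == "O4":                       # 'HKLM\..\Run: [Name] command line'
        name, _, cmd = body.partition("] ")
        entry["name"] = name.split("[", 1)[-1]
        entry["path"] = _exe_from_command(cmd)
    else:                                  # 'Type: Name - ... - path'
        fields = body.split(" - ")
        entry["name"] = fields[0].split(": ", 1)[-1]
        last = fields[-1]
        if last.endswith(MISSING):
            entry["missing"], last = True, last[: -len(MISSING)]
        entry["path"] = last
    return entry


def triage(log_lines, cfscript):
    """Cross-reference log entries with the CFScript and flag generic weak spots."""
    targets = {p.lower() for s in ("Collect", "Rootkit", "File") for p in cfscript.get(s, [])}
    folders = [f.lower().rstrip("\\") for f in cfscript.get("Folder", [])]
    clsids = {c.lower() for l in cfscript.get("Registry", []) for c in CLSID_RE.findall(l)}
    services = {d.lower() for d in cfscript.get("Driver", [])}
    findings = []
    for line in log_lines:
        e = parse_hjt_line(line)
        if e is None:
            continue
        reasons, path = [], (e["path"] or "").lower()
        if path in targets or any(path.startswith(f + "\\") for f in folders):
            reasons.append("path listed in CFScript")
        if e["clsid"] and e["clsid"] in clsids:
            reasons.append("CLSID listed in CFScript Registry section")
        if e["kind"] == "O23":
            name = e["name"].lower()
            short = name[name.rfind("(") + 1:-1] if name.endswith(")") else name
            if name in services or short in services:
                reasons.append("service listed in CFScript Driver section")
            if e["missing"]:
                reasons.append("service binary missing (orphaned entry)")
        if e["kind"] == "O4" and path and "\\" not in path:
            reasons.append("Run entry resolves executable via search path")
        if reasons:
            findings.append((e["kind"], e["name"], reasons))
    return findings


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE_LOG, parse_cfscript(CFSCRIPT)):
        print(f"{kind:<4}{name}: {'; '.join(reasons)}")
```

Run as-is it prints four findings: the constructed BHO (both its path and its CLSID are in the script), the `ICO.EXE` Run entry, the orphaned navapsvc service, and the Viewpoint service (folder and Driver section). The two generic checks are hints for a human reviewer, not verdicts; a bare executable name in a Run key is common for OEM utilities, as the Mouse Suite entry shows.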

#7 Dawgs

Dawgs
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:32 PM

Posted 04 August 2008 - 07:49 PM

kahdah, Thanks for your help. I will talk to my boys that use this computer as their gaming PC about the cracked software.
I followed your instructions and ran combofix and Hijack.
I uploaded the CF submit.zip file for analysis.

Here is the combofix log file
----------------------------------------------------------------------------------

ComboFix 08-08-02.01 - Ken 2008-08-04 20:06:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.165 [GMT -4:00]
Running from: C:\Documents and Settings\Ken\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ken\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\yGen_65434.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d2-cdkey.zip\
C:\free_cdkeys.zip\
C:\Program Files\Common Files\wfuu
C:\Program Files\Common Files\wfuu\wfuua.lck
C:\Program Files\Common Files\wfuu\wfuud\class-barrel
C:\Program Files\Common Files\wfuu\wfuud\vocabulary
C:\Program Files\Common Files\wfuu\wfuuh
C:\Program Files\Common Files\wfuu\wfuul.lck
C:\Program Files\Common Files\wfuu\wfuum.lck
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Manager\CPtask.xml
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C_.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\ComponentMgr_Win.mtj
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\SetupDVDDecrypter_3.5.4.0.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\czglwq.dll
C:\WINDOWS\system32\dswcehjc.dll
C:\WINDOWS\system32\jbnsbnqk.ini
C:\WINDOWS\system32\jowpkxcr.dll
C:\WINDOWS\system32\jsfmkjfr.dll
C:\WINDOWS\system32\kqnbsnbj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ooahjmue.dll
C:\WINDOWS\system32\pinavcjd.tmp
C:\WINDOWS\system32\pxxbybtb.dll
C:\WINDOWS\system32\qwrtvvgu.dll
C:\WINDOWS\system32\vpmfdd.dll
C:\WINDOWS\system32\wzvizd.dll
C:\WINDOWS\wfuu
C:\WINDOWS\wfuu\wfuu.dat
C:\WINDOWS\wfuu\wu
C:\yGen_65434.exe
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.


------------------------------------------------------------------------------
Here is the Hijack File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:38 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\HCWemMON.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IBMPRC] c:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} (MaxisGolfTeleX Control) - http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.freeworldgroup.com/games6/diner...tg.1.0.0.33.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.freeworldgroup.com/games6/weddi...sh.1.0.0.47.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 11053 bytes

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:10:32 PM

Posted 04 August 2008 - 09:16 PM

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
===========
Please post a new dss log and the mbam log and we will wrap it up. :thumbsup:

#9 Dawgs

Dawgs
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:32 PM

Posted 04 August 2008 - 10:13 PM

OK, Kahdah, I ran Malwarebytes and it found 2 viruses, then we deleted them. Thanks for all of your help. Below that is the DSS log.
------------------------------
Here is the Log file

Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 2

11:00:46 PM 8/4/2008
mbam-log-8-4-2008 (23-00-46).txt

Scan type: Quick Scan
Objects scanned: 49380
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> Quarantined and deleted successfully.



--------------------------------------------------------------
Here is the DSS log:

Deckard's System Scanner v20071014.68
Run by Ken on 2008-08-04 23:07:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 3.49 GiB (less than 15%) free.


-- HijackThis (run as Ken.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:45 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\HCWemMON.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\Content.IE5\GZI1K3MN\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ken.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IBMPRC] c:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [Erqva] "C:\Program Files\Common Files\s?curity\?hkdsk.exe" (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe (User 'Nick')
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'Nick')
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} (MaxisGolfTeleX Control) - http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.freeworldgroup.com/games6/diner...tg.1.0.0.33.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.94.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.freeworldgroup.com/games6/weddi...sh.1.0.0.47.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 12456 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 22:46:35 0 d-------- C:\Documents and Settings\Ken\Application Data\Malwarebytes
2008-08-04 22:46:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 22:46:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 15:41:31 0 d-------- C:\Program Files\uTorrent
2008-08-04 15:41:27 0 d-------- C:\Documents and Settings\Nick\Application Data\uTorrent
2008-08-03 12:43:53 0 d-------- C:\cmdcons
2008-08-03 12:41:55 68096 --a------ C:\WINDOWS\zip.exe
2008-08-03 12:41:55 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-03 12:41:55 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-03 12:41:55 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-03 12:41:55 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-03 12:41:55 98816 --a------ C:\WINDOWS\sed.exe
2008-08-03 12:41:55 80412 --a------ C:\WINDOWS\grep.exe
2008-08-03 12:41:55 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-01 20:29:33 0 d-------- C:\Program Files\Trend Micro
2008-07-31 23:01:38 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-30 19:00:58 0 d-------- C:\Documents and Settings\Pat\Application Data\Adobe
2008-07-30 13:50:05 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-30 13:47:12 0 d-------- C:\Program Files\NCH Software
2008-07-29 20:58:19 0 d-------- C:\Program Files\iPod
2008-07-29 20:58:01 0 d-------- C:\Program Files\iTunes
2008-07-29 11:26:41 0 d-------- C:\Program Files\Bonjour
2008-07-28 14:02:31 0 d-------- C:\Documents and Settings\Nick\Application Data\LimeWire
2008-07-28 14:01:48 0 d-------- C:\Program Files\LimeWire
2008-07-27 21:29:47 0 d-------- C:\Program Files\SynchStep Prep
2008-07-26 18:38:32 0 d-------- C:\WINDOWS\pss
2008-07-26 13:27:27 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-07-26 12:21:54 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-19 00:16:35 66831002 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-07-18 18:45:36 0 d-------- C:\Documents and Settings\Chris\Application Data\Adobe
2008-07-17 22:07:19 0 d-------- C:\Documents and Settings\Ken\Application Data\Adobe
2008-07-17 19:44:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-17 19:44:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-16 15:12:00 0 dr------- C:\Documents and Settings\LocalService\Favorites


-- Find3M Report ---------------------------------------------------------------

2008-08-04 23:08:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-04 20:08:21 0 d-------- C:\Program Files\Common Files
2008-08-04 16:38:05 40 --a------ C:\WINDOWS\system32\profile.dat
2008-08-04 14:49:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-03 20:20:38 0 d-------- C:\Program Files\Symantec
2008-08-02 16:46:57 0 d-------- C:\Program Files\Diablo II
2008-07-29 12:59:14 0 d-------- C:\Program Files\QuickTime
2008-07-29 11:20:02 0 d-------- C:\Program Files\Apple Software Update
2008-07-27 19:35:41 0 d-------- C:\Program Files\Java
2008-07-27 19:27:26 0 d-------- C:\Program Files\AT&T Network client
2008-07-18 20:01:00 0 d-------- C:\Documents and Settings\Ken\Application Data\Mozilla
2008-07-17 21:55:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-01 15:13:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-30 22:32:03 35775 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-30 22:30:50 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 22:30:50 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-30 22:30:50 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-30 22:06:01 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-30 22:06:01 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-30 19:00:50 0 d-------- C:\Program Files\yGen
2008-06-29 22:02:59 0 d-------- C:\Program Files\GlobalSCAPE
2008-06-29 21:24:58 0 d-------- C:\Program Files\FAR
2008-06-29 20:20:42 0 d-------- C:\Program Files\WinSCP
2008-06-27 16:43:20 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-06-27 16:19:21 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-26 22:50:55 0 d-------- C:\Program Files\ezwall
2008-06-20 15:55:03 0 d-------- C:\Program Files\Dreamlords


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [07/27/2004 04:48 PM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [07/14/2004 07:34 PM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [12/11/2004 12:03 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [09/02/2004 04:05 AM]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 04:01 AM]
"IBMPRC"="c:\IBMTOOLS\UTILS\ibmprc.exe" [12/16/2004 06:41 AM]
"Mouse Suite 98 Daemon"="ICO.EXE" [07/14/2004 06:36 PM C:\WINDOWS\system32\ico.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [08/24/2005 03:50 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [08/24/2005 03:47 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [08/24/2005 03:51 PM]
"emMON"="HCWemMON.exe" [05/31/2006 12:24 PM C:\WINDOWS\HCWemMON.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [03/20/2006 01:37 PM]
"stgclean"="c:\sdwork\w32main2.exe" [04/14/2008 09:44 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [03/14/2007 07:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [12/11/2004 12:03 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}\_18be6784.exe [9/15/2005 12:33:08 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1147987455\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

*Newly Created Service* - EGATHDRV
*Newly Created Service* - MBAMSWISSARMY



-- End of Deckard's System Scanner: finished at 2008-08-04 23:08:32 ------------

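As an added example that is not part of the thread, the following Python audit parses HijackThis O4 (Run) and O23 (Service) lines like those in the log above and flags the points a log reviewer checks first: a `?` in a path (not a legal Windows file-name character, so it marks a character HijackThis could not display, as in the Erqva entry), a bare file name that is resolved through the PATH search order, and a service whose binary is missing or has no recorded owner. The sample lines, the regexes and the `audit`/`executable_of` helpers are constructed for this example.

```python
import re
from collections import namedtuple

# Constructed sample in HijackThis log format, modelled on entries from the
# log posted above: a benign HKLM Run entry, a Run entry with a bare file name,
# the per-user "Erqva" entry, a service whose binary is missing, and a benign
# service. A raw string keeps the backslashes literal.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKUS\S-1-5-21-1683056158-2375859278-3124077611-1009\..\Run: [Erqva] "C:\Program Files\Common Files\s?curity\?hkdsk.exe" (User 'Nick')
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# O4 lines: "O4 - <hive or hive\SID>\..\Run: [<value name>] <command> (User '<name>')?"
O4_RE = re.compile(r"^O4 - (?P<key>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O23 lines: "O23 - Service: <display name> - <owner> - <path> (file missing)?"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")

Finding = namedtuple("Finding", "line kind name reason")


def executable_of(cmd):
    """Return the executable path from a Run command, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted command: treat the first " /" or " -" as the start of arguments.
    return re.match(r"^(.*?)(?: [/-].*)?$", cmd).group(1)


def audit(log_text):
    """Scan O4/O23 lines and return the findings a reviewer would look at first."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if "?" in exe:
                # '?' cannot appear in a Windows file name; HijackThis prints it
                # in place of a character it could not display.
                findings.append(Finding(lineno, "O4", m.group("name"),
                                        "path contains '?' (undisplayable character)"))
            if "\\" not in exe:
                findings.append(Finding(lineno, "O4", m.group("name"),
                                        "bare file name, resolved via the PATH search order"))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(Finding(lineno, "O23", m.group("name"),
                                        "service binary missing on disk"))
            if m.group("owner") == "Unknown owner":
                findings.append(Finding(lineno, "O23", m.group("name"),
                                        "no publisher recorded for the service"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"line {f.line:>3} {f.kind:<4} [{f.name}] {f.reason}")
```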
#10 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 04 August 2008 - 10:36 PM

Please download OTCleanIt from Here and save it to your desktop.
Double click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
====================================
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
=============================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you use Vista see the below link on how to Reset the System Restore points:
http://www.howtogeek.com/howto/windows-vis...system-restore/

=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#11 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 16 August 2008 - 08:49 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :thumbsup:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.