
Trojan:win32/conhook:i


  • This topic is locked
24 replies to this topic

#1 Fortknox

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Location:Lagos, Nigeria

Posted 02 August 2008 - 11:51 PM

Kindly help me resolve the above-named issue with my system. My Windows Defender sees it but my Norton 360 does not. Following the guide provided, I have run the Kaspersky and DSS scans, but DSS cannot download the latest HijackThis, even after allowing it through my firewall. Please help, urgently needed.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 3, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 02, 2008 22:19:59
Records in database: 1045039
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 144289
Threat name: 5
Infected objects: 47
Suspicious objects: 0
Duration of the scan: 01:58:26


File name / Threat name / Threats count
C:\Windows\system32\fluhauir.dll/C:\Windows\system32\fluhauir.dll Infected: Trojan.Win32.Monder.cbv 38
C:\Windows\system32\tnhhvawv.dll/C:\Windows\system32\tnhhvawv.dll Infected: not-a-virus:AdWare.Win32.BHO.cgs 1
C:\Users\Adewale\AppData\Roaming\IDM\crack.exe Infected: Trojan-Downloader.Win32.Small.yzt 1
C:\Users\Adewale\AppData\Roaming\IDM\keygen.exe Infected: Trojan.Win32.Monder.wo 1
C:\Windows\System32\dyrqikjt.dll Infected: not-a-virus:AdWare.Win32.BHO.cgs 1
C:\Windows\System32\fluhauir.dll Infected: Trojan.Win32.Monder.cbv 1
C:\Windows\System32\lhnnncmx.dll Infected: not-a-virus:AdWare.Win32.BHO.cgs 1
C:\Windows\System32\nyibjtkd.dll Infected: not-a-virus:AdWare.Win32.BHO.cgs 1
C:\Windows\System32\tnhhvawv.dll Infected: not-a-virus:AdWare.Win32.BHO.cgs 1
F:\Main\Flash Backup\autorun.inf Infected: Trojan-PSW.Win32.OnLineGames.prk 1

The selected area was scanned.

End of KASPERSKY REPORT.

Deckard's System Scanner v20071014.68
Run by Adewale on 2008-08-03 05:16:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2008-08-02 19:24:53 UTC - RP253 - Windows Defender Checkpoint
6: 2008-08-02 07:59:31 UTC - RP251 - Windows Defender Checkpoint
5: 2008-08-01 23:38:38 UTC - RP249 - Device Driver Package Install: Symantec Network Service
4: 2008-08-01 23:33:41 UTC - RP248 - Windows Defender Checkpoint
3: 2008-08-01 23:27:30 UTC - RP246 - Installed MyUSBOnly


-- First Restore Point --
1: 2008-08-01 19:38:57 UTC - RP244 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-03 05:25:40
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Avanquest\AutoSave\AutoSave.exe
C:\Program Files\A.C. Element MyUSBOnly\SMSS.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\NPC\2.0\HSLoader.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Adewale\Desktop\dss.exe
C:\Windows\System32\conime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gnam...'s%20Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.178.162:3128
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B85342B-0A19-47A8-80A4-5F9F16D26699} - C:\Windows\System32\geBrrRhf.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {827EA2DD-1916-41CC-917C-485CD07F2BE3} - C:\Windows\System32\tnhhvawv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [AutoSave] "C:\Program Files\Avanquest\AutoSave\AutoSave.exe" /Autorun
O4 - HKLM\..\Run: [USBO] "C:\Program Files\A.C. Element MyUSBOnly\SMSS.EXE" /autostart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnklKef.dll,#1
O4 - HKLM\..\Run: [BM744c1fa0] Rundll32.exe "C:\Windows\system32\ovpmiakj.dll",s
O4 - HKLM\..\Run: [777f2c3c] rundll32.exe "C:\Windows\system32\vdtjmcvw.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Removable Storage Control Service (MYUSSER) - PMYUSSER - C:\Program Files\A.C. Element MyUSBOnly\MYUSSER.EXE
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


--
End of file - 16075 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows Vista Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 2045.75 MiB / 854 MiB
Pagefile Memory (total/avail): 4306.29 MiB / 2528.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.86 MiB

C: is Fixed (NTFS) - 120.11 GiB total, 82.2 GiB free.
D: is Fixed (NTFS) - 7.81 GiB total, 2.08 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 104.97 GiB total, 96.64 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG HM250JI - 232.88 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 120.11 GiB - C:
\PARTITION1 - Installable File System - 104.97 GiB - F:
\PARTITION2 - Installable File System - 7.81 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton 360 v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Users\\Adewale\\AppData\\Local\\Temp\\IXP000.TMP\\file.exe"="C:\\Users\\Adewale\\AppData\\Local\\Temp\\IXP000.TMP\\file.exe:*:Enabled:MSWin64"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Adewale\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADEWALE-PC
ComSpec=C:\Windows\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Adewale
LOCALAPPDATA=C:\Users\Adewale\AppData\Local
LOGONSERVER=\\ADEWALE-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Bioscrypt\VeriSoft\bin;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Intuwave\Shared\mRouterRuntime;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Adewale\AppData\Local\Temp
TMP=C:\Users\Adewale\AppData\Local\Temp
USERDOMAIN=Adewale-PC
USERNAME=Adewale
USERPART=E:
USERPROFILE=C:\Users\Adewale
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Adewale (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\NuNInst.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
AceMoney Lite --> "C:\Program Files\AceMoney\unins000.exe"
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Advanced PC Tweaker v3.5 --> "C:\Program Files\Advanced PC Tweaker\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{55CABB2F-4513-4FF1-B912-B45F93FC5B01}
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /X{7F362F06-A9A3-440F-8B19-6A01A72723C4}
AutoSave --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Avanquest\AutoSave\Uninst\Setup.exe" -l0x9 -XYZ
Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IwisVenza.INF
deskPDF 2.5 Professional Edition --> "C:\Program Files\Docudesk\deskPDF\unins000.exe"
deskUNPDF 2 --> "C:\Program Files\Docudesk\deskUNPDF\unins000.exe"
Docudesk GPL Ghostscript 8.15 --> "C:\Program Files\Docudesk\GPL Ghostscript\unins000.exe"
Download Direct --> MsiExec.exe /I{DB6A8C83-EFF7-4955-BBD0-81C13DDE5395}
DVDToGO --> "C:\Program Files\DVDToGO\uninstall.exe"
e-Sword --> MsiExec.exe /I{97D86AAF-0473-4457-A35F-066C84E83CB0}
Easy Wireless Net V3.133.00 --> C:\Program Files\AnyDATA\EasyWirelessNet\uninst.exe
ESU for Microsoft Vista --> MsiExec.exe /X{1517A7CB-5F00-4A88-8F06-E89B6DB63784}
ExpressPCB --> MsiExec.exe /X{378E6AB4-C604-4D67-83D5-E973F0DE7EC9}
Folder Guard --> "C:\Program Files\Folder Guard Pro\Setup.exe" /U
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google Desktop Search --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\UIU32m.EXE -U -IwqcVenz.inf
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hide IP Platinum 3.5 --> "C:\Program Files\Hide IP Platinum\unins000.exe"
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B --> C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Quick Launch Buttons 6.20 B1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0060 --> MsiExec.exe /I{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Intel Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe
Invisible Browsing 6.5 --> "C:\Program Files\Invisible Browsing\unins000.exe"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
mpowerplayer --> C:\Windows\system32\javaws.exe -uninstall -prompt "http://content.mplayit.com/client/player.jarjnlp"
MSCU for Microsoft Vista --> MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero 7 Essentials --> MsiExec.exe /X{8E72B982-D54F-486F-B35A-C24B6F171033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Office Password Recovery PRO v1.0 (remove only) --> C:\Program Files\Password Solutions\Office Password Recovery PRO\uninstall.exe
Passware Kit - 5.0.0 --> C:\PROGRA~1\Passware\UNWISE.EXE /U C:\PROGRA~1\Passware\kit.log
PC Suite for Sony Ericsson --> C:\Windows\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\Setup.exe /uninstall
PC Suite for Sony Ericsson --> MsiExec.exe /I{430EB7ED-8588-430D-B17C-BFFA00CB370A}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Proxy Finder --> C:\Program Files\ProxyFinder\uninstal.exe
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SeePassword --> MsiExec.exe /X{48948338-3777-41EB-AB05-DF48D3A59591}
Skype 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson Symbian 9 Drivers --> C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe
Sony Ericsson Themes Creator 3.27 --> C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Total Video Converter 2.603 --> "C:\Program Files\Total Video Converter\unins000.exe"
Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
USB Disk Security 5.0.0.85 --> "C:\Program Files\USB Disk Security\unins000.exe"
VeriSoft Access Manager --> rundll32.exe "C:\Program Files\Bioscrypt\VeriSoft\Bin\SetupHelper.dll",ExecMain /Uninstall {D83899AB-9964-4CFC-A246-F1BD430A455F}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WriteExpress 3,001 Business & Sales Letters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{720DAF8C-F9FD-4236-8EDD-75219B21E276}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! uC --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type27905 / Error
Event Submitted/Written: 08/02/2008 10:49:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.exe, version 6.0.6000.16386, time stamp 0x4549b091, faulting module kernel32.dll, version 6.0.6000.16386, time stamp 0x4549bd80, exception code 0xc0000005, fault offset 0x000cbfd0,
process id 0x16f8, application start time 0xExplorer.exe0.

Event Record #/Type27887 / Error
Event Submitted/Written: 08/02/2008 08:25:35 PM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Event Record #/Type27882 / Error
Event Submitted/Written: 08/02/2008 08:24:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Spyhunter3.exe, version 1.0.30.0, time stamp 0x485a63a2, faulting module Secur32.dll, version 6.0.6000.16386, time stamp 0x4549bdd2, exception code 0xc0000005, fault offset 0x000021f4,
process id 0xaac, application start time 0xSpyhunter3.exe0.

Event Record #/Type27877 / Error
Event Submitted/Written: 08/02/2008 08:24:47 PM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {76bf95da-2c2a-4fed-95ac-4eace414eb0d}

Event Record #/Type27872 / Success
Event Submitted/Written: 08/02/2008 08:23:09 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type55998 / Warning
Event Submitted/Written: 08/03/2008 05:25:56 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Adewale-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Adewale-PC27 can't undo changes that you allow.

For more information please see the following:
%Adewale-PC275

Scan ID: {B1278A56-53BD-4BE9-9760-05D520F0D806}

User: Adewale-PC\Adewale

Name: %Adewale-PC271

ID: %Adewale-PC272

Severity ID: %Adewale-PC273

Category ID: %Adewale-PC274

Path Found: %Adewale-PC276

Alert Type: %Adewale-PC278

Detection Type: 1.1.1505.02

Event Record #/Type55997 / Warning
Event Submitted/Written: 08/03/2008 05:25:56 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Adewale-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Adewale-PC27 can't undo changes that you allow.

For more information please see the following:
%Adewale-PC275

Scan ID: {F331CE5D-7754-4133-9223-331335C818AA}

User: Adewale-PC\Adewale

Name: %Adewale-PC271

ID: %Adewale-PC272

Severity ID: %Adewale-PC273

Category ID: %Adewale-PC274

Path Found: %Adewale-PC276

Alert Type: %Adewale-PC278

Detection Type: 1.1.1505.02

Event Record #/Type55996 / Error
Event Submitted/Written: 08/03/2008 05:25:19 AM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Adewale-PCAdewaleS-1-5-21-1502189183-1734663120-2411723245-1000LocalHost (Using LRPC)

Event Record #/Type55995 / Error
Event Submitted/Written: 08/03/2008 05:25:18 AM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{0590AEC3-61EF-4C31-AAED-734A4E619247}Adewale-PCAdewaleS-1-5-21-1502189183-1734663120-2411723245-1000LocalHost (Using LRPC)

Event Record #/Type55994 / Error
Event Submitted/Written: 08/03/2008 05:25:18 AM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{0590AEC3-61EF-4C31-AAED-734A4E619247}Adewale-PCAdewaleS-1-5-21-1502189183-1734663120-2411723245-1000LocalHost (Using LRPC)



-- End of Deckard's System Scanner: finished at 2008-08-03 05:27:07 ------------



#2 Fortknox

Fortknox
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lagos, Nigeria
  • Local time:04:32 PM

Posted 03 August 2008 - 02:11 PM

:thumbsup:

Guys, I love this forum. I think my system is normal again and I've finally gotten rid of the "Trojan:win32/conhook:I" alert my Vista Windows Defender gives. Here are the steps I took:
1. I downloaded Malwarebytes Anti-Malware after reading about it in a reply to one of the posts in this forum, saved it on the desktop and did a quick scan. Below are the results obtained after the scan:

Malwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 6.0.6000

15:20:45 03/08/2008
mbam-log-8-3-2008 (15-20-45).txt

Scan type: Quick Scan
Objects scanned: 39529
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 17
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\geBrrRhf.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\vdcvewck.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\vjnixa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\opnklKef.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\tnhhvawv.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b85342b-0a19-47a8-80a4-5f9f16d26699} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0b85342b-0a19-47a8-80a4-5f9f16d26699} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55c3c208-8000-4b2f-82a5-6fc13368b403} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55c3c208-8000-4b2f-82a5-6fc13368b403} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{827ea2dd-1916-41cc-917c-485cd07f2be3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{827ea2dd-1916-41cc-917c-485cd07f2be3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\777f2c3c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{099ac52c-1cd4-434c-9cc6-ff56dabb5010} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm744c1fa0 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrrrhf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebrrrhf -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\geBrrRhf.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\fhRrrBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fhRrrBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vjnixa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\vdcvewck.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\kcwevcdv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vdtjmcvw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wvcmjtdv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnklKef.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\tnhhvawv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\dyrqikjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fccyaXqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jtxccmum.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\lhnnncmx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nyibjtkd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ovpmiakj.dll (Trojan.Agent) -> Delete on reboot.

I did a system reboot and got the following RUNDLL error message on logon:-
Error loading C:\windows\system32\opnkLKef.dll
The specified module could not be found.

At this point, Windows Defender was still giving the High alert Trojan error message. I applied the Remove action and this time around it was completely deleted/removed.

I then did a quick scan again using MBAM, and below is the result obtained.

Malwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 6.0.6000

19:33:59 03/08/2008
mbam-log-8-3-2008 (19-33-59).txt

Scan type: Quick Scan
Objects scanned: 37095
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks guys, I really would appreciate a suggestion for a better antivirus/firewall software (ESPECIALLY TO PREVENT FUTURE RE-OCCURRENCE) as I'm no longer very comfortable with the Norton 360 currently used on my system... it's failing me when I needed it the most.
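The two Malwarebytes logs above carry more information than the headline counts: items marked "Delete on reboot" are still on disk until the restart, and entries under Run keys, Browser Helper Objects, ShellExecuteHooks or the LSA package lists are the footholds that re-launch the DLLs at logon (which is why a Run value that survives longer than its DLL produces exactly the "Error loading ... The specified module could not be found" RUNDLL message seen after the reboot). Here is an added Python parser, not from the thread or from Malwarebytes, that reads a log in the MBAM 1.x format shown in the post and reports the reboot-pending objects and the autostart locations. The log embedded in it is a constructed sample with made-up file names and registry values in that format.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x scan log.

Added example (not part of the forum post, not Malwarebytes code).
Assumed log format, as seen in the post: a section header such as
"Files Infected:" followed by lines of the form
"<object> (<family>) -> <action>." and "(No malicious items detected)"
for empty sections. Summary lines ("Files Infected: 16") are ignored.
"""
import re
from collections import Counter

# Constructed sample in the MBAM 1.24 layout; names and values are made up.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 6.0.6000

Scan type: Quick Scan
Objects scanned: 100
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\\Windows\\System32\\abcdEFgh.dll (Trojan.Vundo) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\bm0000 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\LSA\\Notification Packages (Trojan.Vundo) -> Data: c:\\windows\\system32\\abcdefgh -> Quarantined and deleted successfully.

Files Infected:
C:\\Windows\\System32\\abcdEFgh.dll (Trojan.Vundo) -> Delete on reboot.
C:\\Windows\\System32\\hgfeDCba.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Registry locations that give code a foothold at logon or inside a privileged process.
AUTOSTART_MARKERS = (
    "\\CurrentVersion\\Run\\",
    "\\Browser Helper Objects\\",
    "\\ShellExecuteHooks\\",
    "\\Control\\LSA\\",
)


def parse_mbam_log(text):
    """Return {section name: [finding dicts]} for every section in the log."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            findings.setdefault(section, [])
            continue
        if section is None:
            continue                      # still in the header block
        m = FINDING_RE.match(line)
        if not m:
            continue                      # blank line or "(No malicious items detected)"
        # "Data: <value> -> <action>" entries carry the real action after the last arrow
        action = m.group("action").rsplit(" -> ", 1)[-1]
        findings[section].append({"section": section, "object": m.group("obj"),
                                  "family": m.group("family"), "action": action})
    return findings


def all_findings(findings):
    return [f for items in findings.values() for f in items]


def reboot_pending(findings):
    """Objects still present until the next restart, in log order, deduplicated."""
    seen, pending = set(), []
    for f in all_findings(findings):
        if f["action"] == "Delete on reboot" and f["object"] not in seen:
            seen.add(f["object"])
            pending.append(f["object"])
    return pending


def family_counts(findings):
    return Counter(f["family"] for f in all_findings(findings))


def autostart_entries(findings):
    """Registry objects that would re-launch the malware at logon."""
    return [f["object"] for f in all_findings(findings)
            if any(marker in f["object"] for marker in AUTOSTART_MARKERS)]


def summarize(text):
    findings = parse_mbam_log(text)
    return {"total": len(all_findings(findings)),
            "families": dict(family_counts(findings)),
            "reboot_pending": reboot_pending(findings),
            "autostart": autostart_entries(findings)}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against the real log text saved by MBAM (the mbam-log-*.txt file named in the post) to get the same four-part summary; an empty reboot_pending list after the second scan is the signal that the restart completed the clean-up.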

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:32 PM

Posted 06 August 2008 - 09:17 PM

Hello Fortknox,

Good to hear you killed most (if not all) of the infection. :thumbsup:

I really would appreciate a suggestion for a better antivirus/firewall software (ESPECIALLY TO PREVENT FUTURE RE-OCCURRENCE) as I'm no longer very comfortable with the Norton 360 currently used on my system... it's failing me when I needed it the most.


There is no antivirus or antimalware that will prevent the infection you got; however, this infection is thought to spread by using old versions of Java, and you are using an old version, jre1.6.0_05.

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u7-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
If you want to be sure MalwareBytes removed all of this infection, then we need to create a Deckard's System Scanner (DSS) Log.

In your next reply, I need to see the following reports:
DSS Main.txt

Edited by SifuMike, 06 August 2008 - 09:20 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
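The Add/Remove Programs check in the steps above is easy to get wrong by hand when several Java entries sit side by side (the DSS output earlier in this thread lists both "Java 6 Update 5" and "Java SE Runtime Environment 6"). As an added example, not from the thread and not Sun/Oracle code, the Python below applies the post's rule mechanically: it reads entries in the "Name --> uninstall command" form that DSS prints, picks out anything with Java, JRE or J2SE in the name, works out its version, and lists the ones older than JRE 6 Update 7. The list embedded in it is a constructed sample with placeholder product codes.

```python
"""Flag outdated Java runtimes in an uninstall-program list.

Added example (not from the thread, not Sun/Oracle code). Assumes the
"Name --> uninstall command" line format that Deckard's System Scanner
prints, and the rule from the post: every entry with Java, JRE or J2SE
in its name that is older than JRE 6 Update 7 should be removed.
"""
import re

# Latest release named in the post, as (major, minor, update): JRE 6 Update 7.
TARGET = (6, 0, 7)

JAVA_NAME_RE = re.compile(r"\b(?:Java|JRE|J2SE)\b", re.IGNORECASE)
# Old naming: "v1.4.2", "1.5.0_06" -> (major, minor, update)
OLD_STYLE_RE = re.compile(r"\bv?1\.(\d)\.(\d)(?:_(\d+))?")
# New naming: "6 Update 5", "5.0 Update 6", or a bare "6" at the end of the name
NEW_STYLE_RE = re.compile(r"(?<![\d.])([4-9])(?:\.0)?\b(?:\s+Update\s+(\d+))?")

# Constructed sample; the product codes are placeholders, not real GUIDs.
SAMPLE_LIST = """\
Java(TM) 6 Update 5 --> MsiExec.exe /I{00000000-0000-0000-0000-000000000001}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{00000000-0000-0000-0000-000000000002}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /X{00000000-0000-0000-0000-000000000003}
Java 2 Runtime Environment, SE v1.4.2 --> C:\\Program Files\\Java\\j2re1.4.2\\Uninstall.exe
Java(TM) 6 Update 7 --> MsiExec.exe /I{00000000-0000-0000-0000-000000000004}
Mozilla Firefox (2.0) --> C:\\Program Files\\Mozilla Firefox\\uninstall\\uninst.exe
"""


def parse_uninstall_list(text):
    """Return [(display name, uninstall command)] for every 'Name --> command' line."""
    entries = []
    for line in text.splitlines():
        if " --> " not in line:
            continue
        name, command = line.split(" --> ", 1)
        entries.append((name.strip(), command.strip()))
    return entries


def is_java_runtime(name):
    return JAVA_NAME_RE.search(name) is not None


def java_version(name):
    """Version tuple parsed from the display name, or None if no version is visible."""
    m = OLD_STYLE_RE.search(name)
    if m:
        return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    m = NEW_STYLE_RE.search(name)
    if m:
        return (int(m.group(1)), 0, int(m.group(2) or 0))
    return None


def classify_java(text, current=TARGET):
    """Split Java entries into (stale: older than current, review: version unreadable)."""
    stale, review = [], []
    for name, _ in parse_uninstall_list(text):
        if not is_java_runtime(name):
            continue
        version = java_version(name)
        if version is None:
            review.append(name)          # leave these for a manual look
        elif version < current:
            stale.append(name)
    return stale, review


def stale_java(text, current=TARGET):
    return classify_java(text, current)[0]


if __name__ == "__main__":
    stale, review = classify_java(SAMPLE_LIST)
    print("Remove (older than JRE 6 Update 7):")
    for name in stale:
        print("  ", name, java_version(name))
    print("Check manually:", review or "none")
```

Feed it the "Add/Remove Programs" block from a DSS extra.txt and it returns the exact entries to remove; anything Java-named whose version it cannot read lands in the review list rather than being silently skipped.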

#4 Fortknox

Fortknox
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lagos, Nigeria
  • Local time:04:32 PM

Posted 07 August 2008 - 01:56 PM

SifuMike,
Thanks a lot for your reply, I really do appreciate it.
I will install the updated Java as instructed, as I have already downloaded it.
Below is the result of the DSS log requested...


Deckard's System Scanner v20071014.68
Run by Adewale on 2008-08-07 19:45:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Adewale.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:20, on 07/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avanquest\AutoSave\AutoSave.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\A.C. Element MyUSBOnly\SMSS.EXE
C:\Windows\system32\conime.exe
C:\Users\Adewale\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Adewale.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gnam...'s%20Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [AutoSave] "C:\Program Files\Avanquest\AutoSave\AutoSave.exe" /Autorun
O4 - HKLM\..\Run: [USBO] "C:\Program Files\A.C. Element MyUSBOnly\SMSS.EXE" /autostart
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll vjnixa.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Removable Storage Control Service (MYUSSER) - PMYUSSER - C:\Program Files\A.C. Element MyUSBOnly\MYUSSER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13977 bytes

-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-07 19:47:01 0 d-------- C:\Program Files\Trend Micro
2008-08-07 19:18:41 173 --a------ C:\Windows\kmukey.sys
2008-08-06 00:47:25 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-06 00:27:05 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-06 00:26:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-06 00:25:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-03 19:22:59 2560 --a------ C:\Windows\system32\drivers\mchInjDrv.sys
2008-08-02 12:46:52 0 d-------- C:\Users\All Users\Malwarebytes
2008-08-02 12:46:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 23:54:32 0 d-------- C:\Program Files\Anti Trojan Elite
2008-08-01 23:40:03 0 d-------- C:\Windows\vf_hip
2008-08-01 23:40:03 0 d-------- C:\Program Files\Hide IP Platinum
2008-08-01 21:20:25 0 d-------- C:\Program Files\Enigma Software Group
2008-08-01 20:39:35 90624 --a------ C:\Windows\system32\fluhauir.dll
2008-08-01 10:40:08 4885 --a------ C:\Windows\kmuusb.sys
2008-08-01 10:40:08 14 --a------ C:\Windows\kmuudr.sys
2008-08-01 10:38:50 0 d-------- C:\Users\All Users\MyUSBOnly
2008-08-01 10:38:50 0 d-------- C:\Program Files\A.C. Element MyUSBOnly
2008-08-01 10:25:49 0 d-------- C:\Program Files\ProxyFinder
2008-08-01 00:52:30 0 d-------- C:\Program Files\Passware
2008-08-01 00:52:03 199 --a------ C:\melt1.bat
2008-08-01 00:20:15 0 d-------- C:\Program Files\Advanced PC Tweaker
2008-07-30 23:28:14 345 --ahs---- C:\Windows\system32\lkQYaGgh.ini2
2008-07-30 22:12:01 0 d-------- C:\Program Files\Invisible Browsing
2008-07-30 19:57:30 0 d-------- C:\Program Files\Download Direct
2008-07-30 01:10:06 0 d-------- C:\Program Files\Intelore
2008-07-30 00:18:33 345 --ahs---- C:\Windows\system32\VGijlnnn.ini2
2008-07-29 23:41:40 0 d-------- C:\Program Files\ElcomSoft
2008-07-29 23:12:54 0 d-------- C:\Program Files\FDRLab
2008-07-29 07:50:20 0 d-------- C:\Program Files\WriteExpress
2008-07-28 23:16:07 32 --a------ C:\Windows\go
2008-07-28 14:15:12 0 d-------- C:\Program Files\Picasa2
2008-07-28 14:10:50 0 d-------- C:\Program Files\Western Digital Technologies
2008-07-27 21:33:33 341 --a------ C:\RestoreBackup.bat
2008-07-27 21:33:33 0 d-------- C:\Backup
2008-07-27 21:04:35 0 d-------- C:\Program Files\Internet Download Manager
2008-07-26 21:20:39 0 d-------- C:\Program Files\Avanquest
2008-07-25 20:48:51 0 d-------- C:\Program Files\Folder Guard Pro
2008-07-23 23:32:00 0 d-------- C:\Program Files\Password Solutions
2008-07-23 23:12:00 0 d-------- C:\Program Files\SeePassword
2008-07-23 18:37:47 0 d-------- C:\Windows\Sun
2008-07-17 07:54:27 0 d--h----- C:\AUTORUN.INF
2008-07-17 07:52:41 0 d-------- C:\Program Files\USB Disk Security
2008-07-14 11:28:36 0 d-------- C:\Program Files\Total Video Converter
2008-07-09 23:48:51 0 d-------- C:\Users\All Users\eMule
2008-07-09 21:09:43 0 -rahs---- C:\MSDOS.SYS
2008-07-09 21:09:43 0 -rahs---- C:\IO.SYS
2008-07-09 20:59:19 0 d-------- C:\Windows\system32\URTTEMP
2008-07-09 08:58:29 0 d-------- C:\Program Files\ReGet Software
2008-07-09 08:58:29 0 d-------- C:\Program Files\Common Files\ReGet Shared
2008-07-09 00:31:59 0 d-------- C:\Program Files\LimeWire
2008-07-09 00:17:35 0 d-------- C:\Program Files\FlashGet
2008-07-09 00:08:08 0 d-------- C:\Program Files\Free Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-08-07 19:05:51 42621 --a------ C:\Users\Adewale\AppData\Roaming\nvModes.001
2008-08-07 18:45:09 42621 --a------ C:\Users\Adewale\AppData\Roaming\nvModes.dat
2008-08-07 18:42:14 0 d-------- C:\Users\Adewale\AppData\Roaming\DMCache
2008-08-07 09:50:36 8252 --a------ C:\Windows\bthservsdp.dat
2008-08-06 18:09:06 0 d-------- C:\Users\Adewale\AppData\Roaming\Ahead
2008-08-06 00:26:22 0 d-------- C:\Users\Adewale\AppData\Roaming\SUPERAntiSpyware.com
2008-08-06 00:25:38 0 d-------- C:\Program Files\Common Files
2008-08-03 12:53:37 0 d-------- C:\Users\Adewale\AppData\Roaming\Image Zone Express
2008-08-02 12:46:56 0 d-------- C:\Users\Adewale\AppData\Roaming\Malwarebytes
2008-08-02 11:19:42 0 d-------- C:\Program Files\Google
2008-08-02 00:40:49 0 d-------- C:\Program Files\Symantec
2008-08-02 00:38:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 23:08:58 0 d-------- C:\Users\Adewale\AppData\Roaming\Thinstall
2008-07-31 23:05:43 0 d-------- C:\Users\Adewale\AppData\Roaming\Hide IP NG
2008-07-31 21:25:29 0 d-------- C:\Users\Adewale\AppData\Roaming\HideIP
2008-07-30 00:09:01 0 d-------- C:\Users\Adewale\AppData\Roaming\IDM
2008-07-29 07:51:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 14:20:47 8 --a------ C:\Users\Adewale\AppData\Roaming\usb.dat.bin
2008-07-27 05:19:45 0 d-------- C:\Users\Adewale\AppData\Roaming\Password Solutions
2008-07-25 21:32:09 0 d-------- C:\Users\Adewale\AppData\Roaming\Folder Guard
2008-07-23 21:54:00 0 d-------- C:\Program Files\Sony Ericsson
2008-07-23 18:40:39 0 d-------- C:\Users\Adewale\AppData\Roaming\Yahoo!
2008-07-17 12:58:35 0 d-------- C:\Program Files\AceMoney
2008-07-17 07:29:39 0 d-------- C:\Program Files\Apple Software Update
2008-07-11 06:38:04 0 d-------- C:\Users\Adewale\AppData\Roaming\U3
2008-07-11 05:31:56 0 d-------- C:\Users\Adewale\AppData\Roaming\Download Manager
2008-07-11 02:07:20 0 d-------- C:\Users\Adewale\AppData\Roaming\uTorrent
2008-07-09 22:40:03 0 d-------- C:\Users\Adewale\AppData\Roaming\LimeWire
2008-07-09 21:27:39 0 d-------- C:\Users\Adewale\AppData\Roaming\Teleca
2008-07-09 18:07:32 0 d-------- C:\Users\Adewale\AppData\Roaming\ReGet Software
2008-07-09 03:11:43 174 --ahs---- C:\Program Files\desktop.ini
2008-07-09 00:17:44 0 d-------- C:\Users\Adewale\AppData\Roaming\FlashGet
2008-07-08 20:46:41 0 d-------- C:\Users\Adewale\AppData\Roaming\WinRAR
2008-07-01 22:31:22 0 d-------- C:\Program Files\Norton 360
2008-06-08 00:30:05 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-08 00:26:57 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-08 00:22:55 0 d-------- C:\Program Files\Nero
2008-06-04 20:32:24 0 --a------ C:\Windows\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
30/06/2008 13:44 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
06/05/2008 12:03 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [30/06/2008 13:44 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/10/2007 11:55]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [11/03/2007 12:21]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [29/04/2007 11:05]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [29/04/2007 11:05]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [29/04/2007 11:05]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/02/2007 15:37]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [13/02/2007 19:38]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 21:18]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [11/01/2007 00:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"CognizanceTS"="C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [22/12/2003 07:12]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/02/2008 20:37]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [26/02/2008 15:50]
"USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [21/06/2008 13:46]
"FG_Monitor"="C:\Program Files\Folder Guard Pro\FGKey.exe" [05/01/2008 00:00]
"AutoSave"="C:\Program Files\Avanquest\AutoSave\AutoSave.exe" [27/01/2007 16:54]
"USBO"="C:\Program Files\A.C. Element MyUSBOnly\SMSS.exe" [05/06/2008 10:55]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [25/06/2007 08:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [17/03/2008 17:23]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [27/07/2008 21:33]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"=0 (0x0)
"NoRun"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll vjnixa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
"C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27b0edda-f4fa-11dc-b80e-001a6baeef12}]
Auto\command- auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28f34c26-55dc-11dd-b4c0-001cbf2edf16}]
Auto\command- RavMon.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28f34c2c-55dc-11dd-b4c0-001cbf2edf16}]
Auto\command- RavMon.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44f15436-f516-11dc-bf37-001a6baeef12}]
AutoRun\command- wscript.exe .\.vbs
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b7b4f0-fcde-11dc-90e4-001a6baeef12}]
AutoRun\command- wscript.exe .\.vbs
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b7b4fd-fcde-11dc-90e4-001a6baeef12}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{580807f7-2447-11dd-8c36-001a6baeef12}]
AutoRun\command- u2.cmd
explore\Command- u2.cmd
open\Command- u2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6937553f-25de-11dd-90a6-001a6baeef12}]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b35b3a9a-281f-11dd-a4eb-001a6baeef12}]
AutoRun\command- xn1i9x.com
explore\Command- xn1i9x.com
open\Command- xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bddc7bcd-37cc-11dd-8e2b-001a6baeef12}]
Auto\command- G:\auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3e26c4-37c7-11dd-bb68-806e6f6e6963}]
Auto\command- G:\auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d991e14a-52a8-11dd-8d73-001cbf2edf16}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL protector.exe
infected\command- protector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da270450-4dda-11dd-b5d2-001a6baeef12}]
Auto\command- G:\boot.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da36541f-518e-11dd-adee-001a6baeef12}]
AutoRun\command- 1ce.cmd
explore\Command- 1ce.cmd
open\Command- 1ce.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da365425-518e-11dd-adee-001a6baeef12}]
AutoRun\command- 1ce.cmd
explore\Command- 1ce.cmd
open\Command- 1ce.cmd

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-07 19:47:53 ------------

looking forward to your reply.
Thanks.
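
The MountPoints2 section of the DSS dump above is where the removable-drive autorun infections show up. As an added example (not part of Deckard's System Scanner, HijackThis or this thread), here is a small Python triage script that parses that section shape and flags handlers whose verb or command line looks like autorun-worm residue; the sample dump is a constructed, trimmed copy of entries from the log, and the flagging heuristics are my own assumptions, not a DSS feature.

```python
"""Flag suspicious removable-drive autorun handlers in a DSS registry dump.

Added example for this thread, not part of DSS, HijackThis or the poster's logs.
The heuristics (which verbs and command shapes look like worm residue) are my own.
"""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the MountPoints2 section shape in the DSS
# log above. DSS prints each handler as "<verb>\command- <command line>".
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6937553f-25de-11dd-90a6-001a6baeef12}]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b7b4fd-fcde-11dc-90e4-001a6baeef12}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28f34c26-55dc-11dd-b4c0-001cbf2edf16}]
Auto\command- RavMon.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44f15436-f516-11dc-bf37-001a6baeef12}]
AutoRun\command- wscript.exe .\.vbs
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d991e14a-52a8-11dd-8d73-001cbf2edf16}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL protector.exe
infected\command- protector.exe
"""

SECTION_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
HANDLER_RE = re.compile(r"^(?P<verb>[A-Za-z]+)\\command-\s*(?P<cmd>.+)$", re.I)
# DSS shows AutoRun handlers wrapped as "RunDLL32 Shell32.DLL,ShellExec_RunDLL <target>".
WRAPPER_RE = re.compile(r"^\S*rundll32\.exe\s+shell32\.dll,ShellExec_RunDLL\s+", re.I)

KNOWN_VERBS = {"auto", "autorun", "open", "explore"}       # verbs Explorer itself uses
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe"}
SCRIPT_EXTS = {".cmd", ".bat", ".com", ".vbs", ".vbe", ".js", ".pif", ".scr"}
SHELL_BUILTINS = {"explorer.exe"}                          # bare name Explorer registers

@dataclass
class Finding:
    guid: str
    verb: str
    command: str
    reasons: list

def target_of(cmd: str) -> str:
    """First token of the (unwrapped) command line, unquoted and lower-cased."""
    cmd = WRAPPER_RE.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    parts = cmd.split()
    return parts[0].lower() if parts else ""

def assess(verb: str, cmd: str) -> list:
    """Reasons a handler looks like autorun-worm residue; empty list means OK."""
    reasons = []
    target = target_of(cmd)
    name = target.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    if verb.lower() not in KNOWN_VERBS:
        reasons.append(f"unexpected shell verb '{verb}'")
    if name in SCRIPT_HOSTS or ext in SCRIPT_EXTS:
        reasons.append(f"script or batch launcher '{name}'")
    elif not re.match(r"^[a-z]:\\", target) and name not in SHELL_BUILTINS:
        # A bare name resolves relative to the drive root, where autorun worms drop files.
        reasons.append(f"bare relative executable '{name}' (lives on the drive root)")
    return reasons

def scan_mountpoints(dump: str) -> list:
    """Walk a DSS registry dump and return a Finding per suspicious handler."""
    findings, guid = [], None
    for line in dump.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            guid = m.group(1)
            continue
        if line.startswith("["):        # a different registry key: leave MountPoints2 context
            guid = None
            continue
        h = HANDLER_RE.match(line)
        if guid and h:
            reasons = assess(h.group("verb"), h.group("cmd"))
            if reasons:
                findings.append(Finding(guid, h.group("verb"), h.group("cmd"), reasons))
    return findings

if __name__ == "__main__":
    for f in scan_mountpoints(SAMPLE_DUMP):
        print(f"{f.guid} {f.verb}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

A full path to an .exe on the removable drive (such as the G:\auto.exe handlers in the log above) passes these shape checks, so the output is a triage aid, not a verdict.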

#5 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 07 August 2008 - 05:19 PM

Hi Fortknox,

I can see you are still infected from visiting crack sites - using illegal software! :thumbsup:

From the logs I can see that you actually installed some keygens and cracks that appear on crack sites to get access to the cracks. They install the malware on your system. :)

If you visit crack sites, use cracks, you'll ALWAYS get infected.
This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.

You really have to change your surfing habits, because these malware bundles may contain a key logger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers.
And this all, because you visited some illegal sites.

Also, keep in mind, malware DAMAGES A LOT! And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.

So is it really worth it? Get illegal software for "free", but compromise/break your computer instead....
Better to avoid this instead and change your surfing habits. Then this wouldn't have happened.

c:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

I am still seeing an old version of Java on your computer. :)

You need to uninstall Java 6 Update 5, Java SE Runtime Environment 6 and download the new version. See my previous thread on the way to download and install the new version.

Then run DSS and post the DSS Main.txt log.

Edited by SifuMike, 07 August 2008 - 05:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 Fortknox

  • Topic Starter
  • Members
  • 15 posts
  • Gender:Male
  • Location:Lagos, Nigeria

Posted 08 August 2008 - 12:51 AM

Thanks a great deal, I sure will change my surfing / downloading habits... don't wanna get into more serious trouble.
Below is the result after reinstalling the new Java...

Deckard's System Scanner v20071014.68
Run by Adewale on 2008-08-08 06:47:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Adewale.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:47:45, on 08/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Avanquest\AutoSave\AutoSave.exe
C:\Program Files\A.C. Element MyUSBOnly\SMSS.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Adewale\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Adewale.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/home.html?gnam...'s%20Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [AutoSave] "C:\Program Files\Avanquest\AutoSave\AutoSave.exe" /Autorun
O4 - HKLM\..\Run: [USBO] "C:\Program Files\A.C. Element MyUSBOnly\SMSS.EXE" /autostart
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll vjnixa.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IBService - Unknown owner - C:\Program Files\Invisible Browsing\servers\IBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Removable Storage Control Service (MYUSSER) - PMYUSSER - C:\Program Files\A.C. Element MyUSBOnly\MYUSSER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14735 bytes

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-07 23:35:58 0 d-------- C:\Program Files\iPod
2008-08-07 23:35:50 0 d-------- C:\Program Files\iTunes
2008-08-07 23:34:17 0 d-------- C:\Program Files\Bonjour
2008-08-07 23:29:27 0 d-------- C:\Windows\LastGood
2008-08-07 23:28:29 0 d-------- C:\Users\All Users\Apple
2008-08-07 23:28:29 0 d-------- C:\Program Files\Common Files\Apple
2008-08-07 23:21:52 0 d-------- C:\Program Files\WordWeb
2008-08-07 23:16:14 0 d-------- C:\Program Files\AnalogX
2008-08-07 20:26:31 0 d-------- C:\Program Files\Common Files\Java
2008-08-07 19:47:01 0 d-------- C:\Program Files\Trend Micro
2008-08-07 19:18:41 173 --a------ C:\Windows\kmukey.sys
2008-08-06 00:47:25 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-06 00:27:05 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-06 00:26:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-06 00:25:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-03 19:22:59 2560 --a------ C:\Windows\system32\drivers\mchInjDrv.sys
2008-08-02 12:46:52 0 d-------- C:\Users\All Users\Malwarebytes
2008-08-02 12:46:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 23:54:32 0 d-------- C:\Program Files\Anti Trojan Elite
2008-08-01 23:40:03 0 d-------- C:\Windows\vf_hip
2008-08-01 23:40:03 0 d-------- C:\Program Files\Hide IP Platinum
2008-08-01 21:20:25 0 d-------- C:\Program Files\Enigma Software Group
2008-08-01 20:39:35 90624 --a------ C:\Windows\system32\fluhauir.dll
2008-08-01 10:40:08 4885 --a------ C:\Windows\kmuusb.sys
2008-08-01 10:40:08 14 --a------ C:\Windows\kmuudr.sys
2008-08-01 10:38:50 0 d-------- C:\Users\All Users\MyUSBOnly
2008-08-01 10:38:50 0 d-------- C:\Program Files\A.C. Element MyUSBOnly
2008-08-01 10:25:49 0 d-------- C:\Program Files\ProxyFinder
2008-08-01 00:52:30 0 d-------- C:\Program Files\Passware
2008-08-01 00:52:03 199 --a------ C:\melt1.bat
2008-08-01 00:20:15 0 d-------- C:\Program Files\Advanced PC Tweaker
2008-07-30 23:28:14 345 --ahs---- C:\Windows\system32\lkQYaGgh.ini2
2008-07-30 22:12:01 0 d-------- C:\Program Files\Invisible Browsing
2008-07-30 19:57:30 0 d-------- C:\Program Files\Download Direct
2008-07-30 01:10:06 0 d-------- C:\Program Files\Intelore
2008-07-30 00:18:33 345 --ahs---- C:\Windows\system32\VGijlnnn.ini2
2008-07-29 23:41:40 0 d-------- C:\Program Files\ElcomSoft
2008-07-29 23:12:54 0 d-------- C:\Program Files\FDRLab
2008-07-29 07:50:20 0 d-------- C:\Program Files\WriteExpress
2008-07-28 23:16:07 32 --a------ C:\Windows\go
2008-07-28 14:15:12 0 d-------- C:\Program Files\Picasa2
2008-07-28 14:10:50 0 d-------- C:\Program Files\Western Digital Technologies
2008-07-27 21:33:33 341 --a------ C:\RestoreBackup.bat
2008-07-27 21:33:33 0 d-------- C:\Backup
2008-07-27 21:04:35 0 d-------- C:\Program Files\Internet Download Manager
2008-07-26 21:20:39 0 d-------- C:\Program Files\Avanquest
2008-07-25 20:48:51 0 d-------- C:\Program Files\Folder Guard Pro
2008-07-23 23:32:00 0 d-------- C:\Program Files\Password Solutions
2008-07-23 23:12:00 0 d-------- C:\Program Files\SeePassword
2008-07-23 18:37:47 0 d-------- C:\Windows\Sun
2008-07-17 07:54:27 0 d--h----- C:\AUTORUN.INF
2008-07-17 07:52:41 0 d-------- C:\Program Files\USB Disk Security
2008-07-14 11:28:36 0 d-------- C:\Program Files\Total Video Converter
2008-07-09 23:48:51 0 d-------- C:\Users\All Users\eMule
2008-07-09 21:09:43 0 -rahs---- C:\MSDOS.SYS
2008-07-09 21:09:43 0 -rahs---- C:\IO.SYS
2008-07-09 20:59:19 0 d-------- C:\Windows\system32\URTTEMP
2008-07-09 08:58:29 0 d-------- C:\Program Files\ReGet Software
2008-07-09 08:58:29 0 d-------- C:\Program Files\Common Files\ReGet Shared
2008-07-09 00:31:59 0 d-------- C:\Program Files\LimeWire
2008-07-09 00:17:35 0 d-------- C:\Program Files\FlashGet
2008-07-09 00:08:08 0 d-------- C:\Program Files\Free Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-08-07 23:33:33 0 d-------- C:\Program Files\QuickTime
2008-08-07 23:28:29 0 d-------- C:\Program Files\Common Files
2008-08-07 20:27:47 0 d-------- C:\Program Files\Java
2008-08-07 20:24:23 42621 --a------ C:\Users\Adewale\AppData\Roaming\nvModes.dat
2008-08-07 20:24:21 42621 --a------ C:\Users\Adewale\AppData\Roaming\nvModes.001
2008-08-07 20:23:49 0 d-------- C:\Users\Adewale\AppData\Roaming\DMCache
2008-08-07 20:21:59 8252 --a------ C:\Windows\bthservsdp.dat
2008-08-06 18:09:06 0 d-------- C:\Users\Adewale\AppData\Roaming\Ahead
2008-08-06 00:26:22 0 d-------- C:\Users\Adewale\AppData\Roaming\SUPERAntiSpyware.com
2008-08-03 12:53:37 0 d-------- C:\Users\Adewale\AppData\Roaming\Image Zone Express
2008-08-02 12:46:56 0 d-------- C:\Users\Adewale\AppData\Roaming\Malwarebytes
2008-08-02 11:19:42 0 d-------- C:\Program Files\Google
2008-08-02 00:40:49 0 d-------- C:\Program Files\Symantec
2008-08-02 00:38:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 23:08:58 0 d-------- C:\Users\Adewale\AppData\Roaming\Thinstall
2008-07-31 23:05:43 0 d-------- C:\Users\Adewale\AppData\Roaming\Hide IP NG
2008-07-31 21:25:29 0 d-------- C:\Users\Adewale\AppData\Roaming\HideIP
2008-07-30 00:09:01 0 d-------- C:\Users\Adewale\AppData\Roaming\IDM
2008-07-29 07:51:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 14:20:47 8 --a------ C:\Users\Adewale\AppData\Roaming\usb.dat.bin
2008-07-27 05:19:45 0 d-------- C:\Users\Adewale\AppData\Roaming\Password Solutions
2008-07-25 21:32:09 0 d-------- C:\Users\Adewale\AppData\Roaming\Folder Guard
2008-07-23 21:54:00 0 d-------- C:\Program Files\Sony Ericsson
2008-07-23 18:40:39 0 d-------- C:\Users\Adewale\AppData\Roaming\Yahoo!
2008-07-17 12:58:35 0 d-------- C:\Program Files\AceMoney
2008-07-17 07:29:39 0 d-------- C:\Program Files\Apple Software Update
2008-07-11 06:38:04 0 d-------- C:\Users\Adewale\AppData\Roaming\U3
2008-07-11 05:31:56 0 d-------- C:\Users\Adewale\AppData\Roaming\Download Manager
2008-07-11 02:07:20 0 d-------- C:\Users\Adewale\AppData\Roaming\uTorrent
2008-07-09 22:40:03 0 d-------- C:\Users\Adewale\AppData\Roaming\LimeWire
2008-07-09 21:27:39 0 d-------- C:\Users\Adewale\AppData\Roaming\Teleca
2008-07-09 18:07:32 0 d-------- C:\Users\Adewale\AppData\Roaming\ReGet Software
2008-07-09 03:11:43 174 --ahs---- C:\Program Files\desktop.ini
2008-07-09 00:17:44 0 d-------- C:\Users\Adewale\AppData\Roaming\FlashGet
2008-07-08 20:46:41 0 d-------- C:\Users\Adewale\AppData\Roaming\WinRAR
2008-07-01 22:31:22 0 d-------- C:\Program Files\Norton 360
2008-06-08 00:30:05 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-08 00:26:57 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-08 00:22:55 0 d-------- C:\Program Files\Nero
2008-06-04 20:32:24 0 --a------ C:\Windows\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
30/06/2008 13:44 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
06/05/2008 12:03 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [30/06/2008 13:44 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/10/2007 11:55]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [11/03/2007 12:21]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [29/04/2007 11:05]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [29/04/2007 11:05]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [29/04/2007 11:05]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/02/2007 15:37]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [13/02/2007 19:38]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 21:18]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [11/01/2007 00:12]
"CognizanceTS"="C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [22/12/2003 07:12]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/02/2008 20:37]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [26/02/2008 15:50]
"USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [21/06/2008 13:46]
"FG_Monitor"="C:\Program Files\Folder Guard Pro\FGKey.exe" [05/01/2008 00:00]
"AutoSave"="C:\Program Files\Avanquest\AutoSave\AutoSave.exe" [27/01/2007 16:54]
"USBO"="C:\Program Files\A.C. Element MyUSBOnly\SMSS.exe" [05/06/2008 10:55]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [25/06/2007 08:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22/07/2008 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/07/2008 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [17/03/2008 17:23]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [27/07/2008 21:33]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 17:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\Users\Adewale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [07/08/2008 23:21:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"=0 (0x0)
"NoRun"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll vjnixa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
"C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27b0edda-f4fa-11dc-b80e-001a6baeef12}]
Auto\command- auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28f34c26-55dc-11dd-b4c0-001cbf2edf16}]
Auto\command- RavMon.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28f34c2c-55dc-11dd-b4c0-001cbf2edf16}]
Auto\command- RavMon.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44f15436-f516-11dc-bf37-001a6baeef12}]
AutoRun\command- wscript.exe .\.vbs
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b7b4f0-fcde-11dc-90e4-001a6baeef12}]
AutoRun\command- wscript.exe .\.vbs
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b7b4fd-fcde-11dc-90e4-001a6baeef12}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{580807f7-2447-11dd-8c36-001a6baeef12}]
AutoRun\command- u2.cmd
explore\Command- u2.cmd
open\Command- u2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6937553f-25de-11dd-90a6-001a6baeef12}]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b35b3a9a-281f-11dd-a4eb-001a6baeef12}]
AutoRun\command- xn1i9x.com
explore\Command- xn1i9x.com
open\Command- xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bddc7bcd-37cc-11dd-8e2b-001a6baeef12}]
Auto\command- G:\auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3e26c4-37c7-11dd-bb68-806e6f6e6963}]
Auto\command- G:\auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d991e14a-52a8-11dd-8d73-001cbf2edf16}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL protector.exe
infected\command- protector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da270450-4dda-11dd-b5d2-001a6baeef12}]
Auto\command- G:\boot.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da36541f-518e-11dd-adee-001a6baeef12}]
AutoRun\command- 1ce.cmd
explore\Command- 1ce.cmd
open\Command- 1ce.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da365425-518e-11dd-adee-001a6baeef12}]
AutoRun\command- 1ce.cmd
explore\Command- 1ce.cmd
open\Command- 1ce.cmd

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-08 06:48:32 ------------

Thanks.
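The MountPoints2 keys in the Deckard's registry dump above are the clearest evidence of the removable-drive infector: each GUID is a volume that was plugged into this machine, and the Auto, AutoRun, open and explore commands are what that volume's autorun.inf asked Explorer to run. The following is an added example, not part of the original post and not code from any tool named in this thread. It parses a constructed excerpt in the same layout (the GUIDs and commands are copied from the log) and reports the handlers that need review. The allow-list of trusted launchers and the set of payload extensions are assumptions chosen for this illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, not the full log: five MountPoints2 entries in the layout
# Deckard's System Scanner prints, copied in shape from the dump above.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27b0edda-f4fa-11dc-b80e-001a6baeef12}]
Auto\command- auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6937553f-25de-11dd-90a6-001a6baeef12}]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b7b4fd-fcde-11dc-90e4-001a6baeef12}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da36541f-518e-11dd-adee-001a6baeef12}]
AutoRun\command- 1ce.cmd
explore\Command- 1ce.cmd
open\Command- 1ce.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bddc7bcd-37cc-11dd-8e2b-001a6baeef12}]
Auto\command- G:\auto.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe
"""

# Assumption for this example: the only launchers an autorun handler on removable
# media may legitimately name are the shell itself and the U3 launcher.
ALLOWED_BASENAMES = {"explorer.exe", "launchu3.exe"}
PAYLOAD_EXTENSIONS = {".cmd", ".bat", ".vbs", ".js", ".com", ".pif", ".scr"}

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^(\w+)\\command-\s*(.+)$", re.I)
SHELLEXEC_RE = re.compile(r"rundll32(?:\.exe)?\s+shell32\.dll,shellexec_rundll\s+(.+)$", re.I)


def unwrap(cmd: str) -> str:
    """Strip the RunDLL32 ShellExec_RunDLL wrapper so the real target is inspected."""
    m = SHELLEXEC_RE.search(cmd)
    return m.group(1).strip() if m else cmd.strip()


def classify(cmd: str) -> str:
    """Return '' for an allowed command, otherwise a short reason it needs review."""
    tokens = unwrap(cmd).split()
    if not tokens:
        return "empty command"
    exe = tokens[0].strip('"').lower()
    base = exe.rsplit("\\", 1)[-1]          # drop any drive/path prefix
    if base in ("wscript.exe", "cscript.exe"):
        script = tokens[1] if len(tokens) > 1 else "(none)"
        return f"script host launching {script}"
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    if ext in PAYLOAD_EXTENSIONS:
        return f"{ext} payload run from volume root"
    if base not in ALLOWED_BASENAMES:
        return f"executable '{base}' not on allow-list"
    return ""


def audit_mountpoints(dump: str) -> Dict[str, List[Tuple[str, str, str]]]:
    """Parse a MountPoints2 dump and return {volume GUID: [(verb, command, reason), ...]}
    containing only the handlers whose command needs review."""
    findings: Dict[str, List[Tuple[str, str, str]]] = {}
    guid = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        k = KEY_RE.match(line)
        if k:
            guid = k.group(1).lower()
            continue
        v = VERB_RE.match(line)
        if v and guid:
            verb, cmd = v.group(1), v.group(2)
            reason = classify(cmd)
            if reason:
                findings.setdefault(guid, []).append((verb, cmd, reason))
    return findings


if __name__ == "__main__":
    for guid, hits in audit_mountpoints(SAMPLE_DUMP).items():
        print(guid)
        for verb, cmd, reason in hits:
            print(f"  {verb:8} {reason:45} <- {cmd}")
```

Feed it the whole `-- Registry Dump --` section to triage every volume at once. The reasons separate the script-host launches (`wscript.exe .\.vbs`, a file whose entire name is its extension, so it shows a blank name when Explorer hides known extensions) from the batch payloads (`u2.cmd`, `1ce.cmd`) and the bare executables (`auto.exe`, `RavMon.exe`, `xn1i9x.com`, `protector.exe`). These keys record what each volume offered Explorer, not proof that the command ran; whether it did depends on the AutoRun policy in force when the drive was inserted.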

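The fix recommended in the reply below leaves an autorun.inf placeholder on every volume so that an infector cannot drop its own file of that name. The following is an added example of that mechanism; it is not Flash_Disinfector's code (whose internals are not shown on this page). It creates the placeholder as a directory, marks it hidden, system and read-only on Windows, and then attempts the dropper's write to show that it now fails. The probe content and the use of a temporary directory as the volume root are assumptions for the demonstration.

```python
import os
import sys
import tempfile
from typing import Tuple

PLACEHOLDER = "autorun.inf"
# FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
ATTR_RO_HIDDEN_SYSTEM = 0x01 | 0x02 | 0x04


def vaccinate(volume_root: str) -> str:
    """Occupy the autorun.inf name with a directory so a file of that name cannot be created.
    Refuses to run while a real autorun.inf file is present: that file is evidence and must
    be reviewed and removed first, not silently replaced."""
    path = os.path.join(volume_root, PLACEHOLDER)
    if os.path.isfile(path):
        raise FileExistsError(f"{path} is a file; review and remove it before vaccinating")
    os.makedirs(path, exist_ok=True)
    if sys.platform == "win32":
        import ctypes
        ctypes.windll.kernel32.SetFileAttributesW(path, ATTR_RO_HIDDEN_SYSTEM)
    return path


def is_vaccinated(volume_root: str) -> bool:
    """True when the placeholder directory is in place on this volume."""
    return os.path.isdir(os.path.join(volume_root, PLACEHOLDER))


def dropper_can_write(volume_root: str) -> bool:
    """Reproduce what the infector does: open autorun.inf for writing and store an
    [autorun] section. The content is constructed for this demo and names an
    executable taken from the log above; nothing is executed."""
    try:
        with open(os.path.join(volume_root, PLACEHOLDER), "w") as fh:
            fh.write("[autorun]\nopen=auto.exe\nshell\\open\\command=auto.exe\n")
        return True
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return False


def demo_on_tempdir() -> Tuple[bool, bool]:
    """Return (drop succeeds before vaccination, drop succeeds after) for a throwaway root."""
    root = tempfile.mkdtemp(prefix="usbroot_")
    before = dropper_can_write(root)              # clean volume: the drop lands
    os.remove(os.path.join(root, PLACEHOLDER))    # operator removes the malicious file first
    vaccinate(root)
    after = dropper_can_write(root)               # same drop now fails on the directory
    return before, after


if __name__ == "__main__":
    print(demo_on_tempdir())  # (True, False)
```

The placeholder only defeats droppers that create autorun.inf with a plain file write and give up on the name collision; code running with enough rights to remove the directory can replace it. The control that removes the execution path altogether is the NoDriveTypeAutoRun policy under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (0xFF disables AutoRun for every drive type), which is worth setting on this machine in addition to cleaning the drives.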
#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:32 PM

Posted 08 August 2008 - 10:41 AM

Hi Fortknox,

Your system is infected with a Flash Drive infector plus other infections. :thumbsup: A real mess.

Warning: Any flash / jump drives you have connected to this system since your infection have been compromised by a flash drive infector.
We are going to run a tool as part of the following fix which will disinfect your machine, as well as clean any flash drives connected to the system.
It is advised you connect any flash drives that have been connected to this machine during this time frame to this system for the following fix, in order to disinfect them.

Please let owners of other machines to which you have connected any flash media or drives know that their machines may now be infected.

We need to remove the Flash Drive infector

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.

Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

********************

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.


Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here.
I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].


If, after posting, the last line is not >End of Report< then the log is too big to fit into a single post.

If the file is too big to post, then you can upload it to me here.

Edited by SifuMike, 08 August 2008 - 12:18 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
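The post above relies on two facts about autorun.inf: an infector plants one at the root of each removable drive so that `open`/`shellexecute` runs its payload, and Flash_Disinfector blocks re-infection by leaving an autorun.inf directory in that spot, since Windows cannot then create a file of the same name. The added example below (not part of the original thread and not Flash_Disinfector's own code) audits a volume root for those two states and applies the same folder-based protection; the volume roots, the `1ce.cmd` content and the state names are constructed for the demo.

```python
import configparser
import tempfile
from pathlib import Path
from typing import Dict

# autorun.inf keys that make Explorer launch something when the volume is opened;
# an infector points one of them at its own file (the thread's 1ce.cmd / boot.exe).
LAUNCH_KEYS = ("open", "shellexecute")


def audit_drive_root(root) -> Dict[str, object]:
    """Classify <root>/autorun.inf as absent, protected (a directory, which is what
    a folder-based blocker leaves behind), present, launches-code or unparseable."""
    target = Path(root) / "autorun.inf"
    report: Dict[str, object] = {"path": str(target), "state": "absent", "launch": {}}
    if not target.exists():
        return report
    if target.is_dir():
        report["state"] = "protected"
        return report
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(target.read_text(errors="replace"))
    except configparser.Error:
        report["state"] = "unparseable"   # malformed on purpose is itself a signal
        return report
    launch = {}
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            # ConfigParser lower-cases option names; shell\<verb>\command also launches
            if key in LAUNCH_KEYS or key.startswith("shell\\"):
                launch[key] = value
    report["launch"] = launch
    report["state"] = "launches-code" if launch else "present"
    return report


def protect_drive_root(root) -> bool:
    """Create an empty autorun.inf directory so a file of that name cannot be
    written later. Refuses to touch an existing file (inspect it first).
    Marking the directory hidden/system is Windows-specific and left to attrib."""
    target = Path(root) / "autorun.inf"
    if target.exists():
        return target.is_dir()
    target.mkdir()
    return True


def demo() -> Dict[str, str]:
    """Build constructed volume roots in a temp dir and audit each of them."""
    base = Path(tempfile.mkdtemp())
    infected = base / "infected"
    infected.mkdir()
    (infected / "autorun.inf").write_text(
        "[autorun]\nopen=1ce.cmd\nshell\\explore\\command=1ce.cmd\nicon=setup.ico\n"
    )
    clean = base / "clean"
    clean.mkdir()
    results = {
        "infected": str(audit_drive_root(infected)["state"]),
        "clean_before": str(audit_drive_root(clean)["state"]),
    }
    protect_drive_root(clean)
    results["clean_after"] = str(audit_drive_root(clean)["state"])
    results["protect_refused"] = str(protect_drive_root(infected))
    return results


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

`protect_drive_root` deliberately does nothing when a real autorun.inf file is present: silently replacing it would destroy the evidence (the launch keys) that tells you which drives carried the infector.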

#8 SifuMike

Posted 13 August 2008 - 03:25 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

#9 SifuMike

Posted 21 August 2008 - 04:53 PM

topic reopened

#10 Fortknox
  • Topic Starter

Posted 21 August 2008 - 05:20 PM

Posted OTScanit log into the link provided.
Thanks!

#11 SifuMike

Posted 21 August 2008 - 08:47 PM

Hi Fortknox,

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%allusersprofile%\bm744c1fa0.xml
%allusersprofile%\pskt.ini
%systemdrive%\melt1.bat
%systemroot%\mngui.ini
%systemroot%\system32\fluhauir.dll
%systemroot%\system32\lkqyaggh.ini
%systemroot%\system32\lkqyaggh.ini2
%systemroot%\system32\vgijlnnn.ini
%systemroot%\system32\vgijlnnn.ini2
%userprofile%\documents\184_symbian_keygens.dld

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of The Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> APSHook.dll vjnixa.dll -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {16664848-0E00-11D2-8059-000000000000} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
[Files/Folders - Created Within 30 days]
NY -> fluhauir.dll -> %SystemRoot%\System32\fluhauir.dll
NY -> lkQYaGgh.ini -> %SystemRoot%\System32\lkQYaGgh.ini
NY -> lkQYaGgh.ini2 -> %SystemRoot%\System32\lkQYaGgh.ini2
NY -> VGijlnnn.ini -> %SystemRoot%\System32\VGijlnnn.ini
NY -> VGijlnnn.ini2 -> %SystemRoot%\System32\VGijlnnn.ini2
NY -> mngui.INI -> %SystemRoot%\mngui.INI
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> BM744c1fa0.xml -> %AllUsersProfile%\BM744c1fa0.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
NY -> 184_Symbian_Keygens.dld -> %UserProfile%\Documents\184_Symbian_Keygens.dld
[Files/Folders - Modified Within 30 days]
NY -> melt1.bat -> %SystemDrive%\melt1.bat
NY -> fluhauir.dll -> %SystemRoot%\System32\fluhauir.dll
NY -> lkQYaGgh.ini -> %SystemRoot%\System32\lkQYaGgh.ini
NY -> lkQYaGgh.ini2 -> %SystemRoot%\System32\lkQYaGgh.ini2
NY -> VGijlnnn.ini -> %SystemRoot%\System32\VGijlnnn.ini
NY -> VGijlnnn.ini2 -> %SystemRoot%\System32\VGijlnnn.ini2
NY -> mngui.INI -> %SystemRoot%\mngui.INI
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> BM744c1fa0.xml -> %AllUsersProfile%\BM744c1fa0.xml
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
NY -> 184_Symbian_Keygens.dld -> %UserProfile%\Documents\184_Symbian_Keygens.dld
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans

  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
1. The Avenger report (c:\Avenger.txt). This will be a small report, so you can post it.

2. The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. ) This will be a small report, so you can post it.

3. The new OTScanIt scan log.
If the file is too big to post, then you can upload it to me here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#12 Fortknox
  • Topic Starter

Posted 23 August 2008 - 01:41 AM

SifuMike,
Thanks a great deal...
below are the results!

1. The Avenger Report.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\ProgramData\bm744c1fa0.xml" deleted successfully.
File "C:\ProgramData\pskt.ini" deleted successfully.
File "C:\melt1.bat" deleted successfully.
File "C:\Windows\mngui.ini" deleted successfully.
File "C:\Windows\system32\fluhauir.dll" deleted successfully.
File "C:\Windows\system32\lkqyaggh.ini" deleted successfully.
File "C:\Windows\system32\lkqyaggh.ini2" deleted successfully.
File "C:\Windows\system32\vgijlnnn.ini" deleted successfully.
File "C:\Windows\system32\vgijlnnn.ini2" deleted successfully.
File "C:\Users\Adewale\documents\184_symbian_keygens.dld" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


2. The Latest OTScanIt Fix log.

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:APSHook.dll vjnixa.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{16664848-0E00-11D2-8059-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16664848-0E00-11D2-8059-000000000000}\ not found.
[Files/Folders - Created Within 30 days]
File C:\Windows\System32\fluhauir.dll not found!
File C:\Windows\System32\lkQYaGgh.ini not found!
File C:\Windows\System32\lkQYaGgh.ini2 not found!
File C:\Windows\System32\VGijlnnn.ini not found!
File C:\Windows\System32\VGijlnnn.ini2 not found!
File C:\Windows\mngui.INI not found!
[Files Created - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM744c1fa0.xml not found!
File C:\ProgramData\pskt.ini not found!
File C:\Users\Adewale\Documents\184_Symbian_Keygens.dld not found!
[Files/Folders - Modified Within 30 days]
File C:\melt1.bat not found!
File C:\Windows\System32\fluhauir.dll not found!
File C:\Windows\System32\lkQYaGgh.ini not found!
File C:\Windows\System32\lkQYaGgh.ini2 not found!
File C:\Windows\System32\VGijlnnn.ini not found!
File C:\Windows\System32\VGijlnnn.ini2 not found!
File C:\Windows\mngui.INI not found!
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\ProgramData\BM744c1fa0.xml not found!
File C:\ProgramData\pskt.ini not found!
File C:\Users\Adewale\Documents\184_Symbian_Keygens.dld not found!
[Empty Temp Folders]
File delete failed. C:\Users\Adewale\AppData\Local\Temp\~DF2165.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Adewale\AppData\Local\Temp\~DF3319.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Adewale\AppData\Local\Temp\~DF333C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET8390.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP0000006626C4E418FA67F3B6 scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08222008_220527

Files moved on Reboot...
C:\Users\Adewale\AppData\Local\Temp\~DF2165.tmp moved successfully.
File C:\Users\Adewale\AppData\Local\Temp\~DF3319.tmp not found!
File C:\Users\Adewale\AppData\Local\Temp\~DF333C.tmp not found!
File C:\Windows\temp\JET8390.tmp not found!
File C:\Windows\temp\TMP0000006626C4E418FA67F3B6 not found!


3. New OTScanIt Scan log is sent via other link given cos it's large!


4. F-Secure Online Scanner Result

Scanning Report
Friday, August 22, 2008 22:36:50 - 05:55:13
Computer name: ADEWALE-PC
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ F:\


--------------------------------------------------------------------------------

Result: 10 malware found
TrackingCookie.Adbrite (spyware)
System
TrackingCookie.Adinterax (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Clickbank (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Emediate (spyware)
System
TrackingCookie.Questionmarket (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Webtrends (spyware)
System
Trojan-Downloader:W32/Agent.HBA (virus)
C:\USERS\ADEWALE\APPDATA\ROAMING\IDM\CRACK.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 63549
System: 5443
Not scanned: 145
Actions:
Disinfected: 0
Renamed: 1
Deleted: 0
None: 9
Submitted: 1
Files not scanned:


--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-08-22
F-Secure Pegasus: 1.20.0, 2008-04-15
F-Secure AVP: 7.0.171, 2008-08-21
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

Thanks a great deal...looking forward to ur next reply.
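Post #11 gives The Avenger a list of files written with environment variables, and post #12 reports the expansions Avenger actually deleted (`%allusersprofile%` became `C:\ProgramData`, `%userprofile%` became `C:\Users\Adewale`). When reviewing a remediation like this, the check a practitioner wants is that every requested path has a matching result line, and that nothing outside the request was touched. The added example below (not part of the thread and not Avenger's own code) expands the script with an environment map assumed from the log, then reconciles it against the log's result lines; the `Files to delete:` header handling and the `deleted successfully` pattern are taken from the quoted text, and the truncated-log case in the usage note is constructed.

```python
import re
from typing import Dict, List, Set

# Expansions assumed from the Avenger log posted above (Vista profile paths).
VISTA_ENV = {
    "allusersprofile": r"C:\ProgramData",
    "systemdrive": r"C:",
    "systemroot": r"C:\Windows",
    "userprofile": r"C:\Users\Adewale",
}

# The script given in post #11, verbatim.
AVENGER_SCRIPT = r"""Files to delete:
%allusersprofile%\bm744c1fa0.xml
%allusersprofile%\pskt.ini
%systemdrive%\melt1.bat
%systemroot%\mngui.ini
%systemroot%\system32\fluhauir.dll
%systemroot%\system32\lkqyaggh.ini
%systemroot%\system32\lkqyaggh.ini2
%systemroot%\system32\vgijlnnn.ini
%systemroot%\system32\vgijlnnn.ini2
%userprofile%\documents\184_symbian_keygens.dld
"""

# The result lines from the Avenger log in post #12 (banner lines omitted).
AVENGER_LOG = r"""Rootkit scan active.
No rootkits found!

File "C:\ProgramData\bm744c1fa0.xml" deleted successfully.
File "C:\ProgramData\pskt.ini" deleted successfully.
File "C:\melt1.bat" deleted successfully.
File "C:\Windows\mngui.ini" deleted successfully.
File "C:\Windows\system32\fluhauir.dll" deleted successfully.
File "C:\Windows\system32\lkqyaggh.ini" deleted successfully.
File "C:\Windows\system32\lkqyaggh.ini2" deleted successfully.
File "C:\Windows\system32\vgijlnnn.ini" deleted successfully.
File "C:\Windows\system32\vgijlnnn.ini2" deleted successfully.
File "C:\Users\Adewale\documents\184_symbian_keygens.dld" deleted successfully.

Completed script processing.
"""

HEADER_RE = re.compile(r"^[A-Za-z ]+:$")             # e.g. "Files to delete:"
RESULT_RE = re.compile(r'^File "(?P<path>[^"]+)" deleted successfully\.$')


def expand_env(path: str, env: Dict[str, str]) -> str:
    """Replace %NAME% tokens case-insensitively; unknown names are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def parse_script(script: str) -> Dict[str, List[str]]:
    """Group the script's lines under their 'xxx:' section headers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HEADER_RE.match(line):
            current = line[:-1].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_deletions(log: str) -> Set[str]:
    """Paths the log confirms as deleted, case-folded (NTFS is case-insensitive)."""
    matches = (RESULT_RE.match(line.strip()) for line in log.splitlines())
    return {m.group("path").lower() for m in matches if m}


def check_avenger_results(script: str, log: str, env: Dict[str, str]) -> Dict[str, List[str]]:
    """Reconcile the requested deletions with what the log confirms."""
    requested = [expand_env(p, env).lower() for p in parse_script(script).get("files to delete", [])]
    deleted = parse_log_deletions(log)
    return {
        "requested": requested,
        "confirmed": [p for p in requested if p in deleted],
        "unconfirmed": [p for p in requested if p not in deleted],
        "unexpected": sorted(deleted - set(requested)),
    }


if __name__ == "__main__":
    result = check_avenger_results(AVENGER_SCRIPT, AVENGER_LOG, VISTA_ENV)
    print(f"{len(result['confirmed'])}/{len(result['requested'])} confirmed, "
          f"unconfirmed={result['unconfirmed']}, unexpected={result['unexpected']}")
```

For the log as posted every one of the ten requests is confirmed and nothing unexpected appears. Feeding it a constructed log with the `melt1.bat` line removed makes `unconfirmed` report `c:\melt1.bat`, which is the case that should send you back to the backup archive and a second scan rather than to "log looks fine".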

#13 SifuMike

Posted 23 August 2008 - 11:34 AM

Hi Fortknox,

That log looks fine. :thumbsup:

If there aren't any other issues then go ahead and run the system normally for a day and then get back with me and let me know if there are any continuing issues.

If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go. :)

#14 Fortknox
  • Topic Starter

Posted 23 August 2008 - 01:59 PM

SifuMike,
Thanks a great deal, I really do appreciate all the help.
Will sure get back to you soon.
One more thing... how can I be part of the HJT team? Even for starters like me, I really will like to be of help to others too in my own little way if possible.
Thanks Man!

#15 SifuMike

Posted 23 August 2008 - 03:19 PM

You're very welcome. :thumbsup:

...how can I be part of the HJT team? Even for starters like me, I really will like to be of help to others too in my own little way if possible.

Everyone here started from the bottom and worked their way up. You will need to train for many months to be a member, and it involves a commitment (of time and effort) on your part.

Read this link:
http://www.bleepingcomputer.com/forums/t/86678/malware-removal-training-program/



