Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirects


  • This topic is locked This topic is locked
7 replies to this topic

#1 sn2938

sn2938

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 12 September 2008 - 02:27 PM

Hey everyone, sorry for bringing this up. I have seen numerous topics about it I just can not figure it out. It seems like some type of DNS hack or something. Anyways here is my Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:15 PM, on 9/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKCU\..\Run: [IE New Window Maximizer] "C:\Program Files\IE New Window Maximizer\iemaximizer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196878528487
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196878517503
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O21 - SSODL: DscSrv - {0CE74191-9D1E-0B9B-820D-0161A15E6211} - C:\Program Files\qtughlc\DscSrv.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5923 bytes

BC AdBot (Login to Remove)

 


#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:05:49 AM

Posted 26 September 2008 - 09:55 AM

Hello and welcome to BC


Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
    Note: If you are using Windows Vista, right click at RSIT.exe and select 'Run as administrator'.

  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply please post back with the following reports:
  • RSIT log.txt
  • RSIT info.txt
  • Kaspersky report
Regards
SNOWHITE
Posted Image

#3 sn2938

sn2938
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 28 September 2008 - 09:22 AM

Thanks for replying back ran both things mentioned and here are the logs:

LOG.txt:

Logfile of random's system information tool 1.02 (written by random/random)
Run by Seth at 2008-09-28 08:12:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (23%) free of 38 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:19 AM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Seth\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Seth.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKCU\..\Run: [IE New Window Maximizer] "C:\Program Files\IE New Window Maximizer\iemaximizer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196878528487
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196878517503
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5005 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\LifeChatTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-25 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll [2008-08-25 651760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-25 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"BootSkin Startup Jobs"=C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe [2004-04-26 270336]
"LifeChat"=C:\Program Files\Microsoft LifeChat\LifeChat.exe [2008-08-21 267296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IE New Window Maximizer"=C:\Program Files\IE New Window Maximizer\iemaximizer.exe [2005-02-09 356352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-25 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-25 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2
"RemoteRegistry"=2
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"PnkBstrA"=2
"iPod Service"=3
"gusvc"=3
"avast! Mail Scanner"=3
"Ati HotKey Poller"=2
"Adobe LM Service"=3
"UxTuneUp"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\DC++ 0.698\DCPlusPlus.exe"="C:\Program Files\DC++ 0.698\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DC++ 0.707\DCPlusPlus.exe"="C:\Program Files\DC++ 0.707\DCPlusPlus.exe:*:Enabled:DC++"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-09-28 08:12:12 ----D---- C:\rsit
2008-09-12 15:17:46 ----D---- C:\Program Files\Trend Micro
2008-09-12 14:43:15 ----D---- C:\Program Files\qtughlc
2008-09-09 14:18:20 ----D---- C:\Program Files\Microsoft LifeChat
2008-09-01 10:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-01 10:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-01 10:45:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-01 10:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-01 10:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-01 10:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-01 10:43:22 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-01 10:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$
2008-09-01 10:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-01 10:42:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-01 10:01:20 ----D---- C:\Program Files\DC++ 0.707
2008-08-30 13:56:51 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

======List of files/folders modified in the last 1 months======

2008-09-28 08:12:02 ----D---- C:\WINDOWS\Prefetch
2008-09-28 06:55:26 ----D---- C:\WINDOWS\Temp
2008-09-25 14:01:27 ----D---- C:\Program Files\World of Warcraft
2008-09-18 13:42:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-17 11:42:01 ----D---- C:\WINDOWS\system32\drivers
2008-09-17 11:41:39 ----D---- C:\WINDOWS
2008-09-17 11:41:39 ----A---- C:\WINDOWS\TMP0001.TMP
2008-09-12 15:21:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-12 15:17:46 ----AD---- C:\Program Files
2008-09-12 14:44:34 ----SHD---- C:\Config.Msi
2008-09-12 14:44:32 ----SHD---- C:\WINDOWS\Installer
2008-09-12 14:44:28 ----D---- C:\WINDOWS\system32
2008-09-12 14:44:18 ----HD---- C:\WINDOWS\inf
2008-09-12 14:44:09 ----D---- C:\Program Files\Internet Explorer
2008-09-12 14:43:54 ----D---- C:\WINDOWS\AppPatch
2008-09-12 14:43:39 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-12 14:43:39 ----D---- C:\WINDOWS\twain_32
2008-09-12 14:43:30 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-09-12 14:43:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-12 14:43:04 ----D---- C:\Program Files\Curse
2008-09-12 14:42:10 ----D---- C:\Program Files\Google
2008-09-12 14:40:22 ----D---- C:\Program Files\Silkroad
2008-09-12 14:40:21 ----D---- C:\Program Files\Opera
2008-09-12 14:39:40 ----D---- C:\Program Files\Messenger
2008-09-12 14:39:23 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-12 14:39:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-12 14:38:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-12 14:38:37 ----D---- C:\WINDOWS\system32\Restore
2008-09-12 14:32:51 ----D---- C:\WINDOWS\network diagnostic
2008-09-10 15:54:58 ----SD---- C:\WINDOWS\Tasks
2008-09-01 10:50:46 ----D---- C:\Program Files\DC++ 0.698
2008-09-01 10:46:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-01 10:46:02 ----A---- C:\WINDOWS\imsins.BAK
2008-09-01 10:45:15 ----D---- C:\WINDOWS\ie7updates
2008-09-01 10:43:18 ----D---- C:\WINDOWS\Help
2008-09-01 10:18:36 ----D---- C:\Documents and Settings
2008-08-30 14:30:43 ----AC---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 KKW_HID;Kensington HIDClass Filter Driver; C:\WINDOWS\System32\DRIVERS\KKW_HID.sys [2005-04-01 14208]
R3 KMW_KBD;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys [2006-08-03 5376]
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver; C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2006-08-03 91648]
R3 KMW_USB;Kensington MouseWorks USB filter driver; C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [2006-08-03 10112]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;ViviCam 35; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-01-25 33307]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-02-02 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-12-12 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 137200]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-09 66872]
S4 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

INFO.txt:

info.txt logfile of random's system information tool 1.02 2008-09-28 08:12:22

======Uninstall list======

-->C:\PROGRA~1\ALLTEL~1\bin\CustomUninstall.exe ALLTEL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Alien Disco Safari-->C:\Program Files\Alien Disco Safari\setup.exe -u
ALLTEL DSL Check-up Center-->C:\WINDOWS\Motive\ALLTEL\MCCUninst.exe
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitPim 1.0.5-->"C:\Program Files\BitPim\unins000.exe"
BitTorrent 4.20.4-->"C:\Program Files\BitTorrent\uninstall.exe"
BootSkin-->C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Curse Client-->C:\Program Files\Curse\uninstall.exe
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP WMA V7 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V7 Codec.dat
DC++ 0.707-->"C:\Program Files\DC++ 0.707\uninstall.exe"
Disney Pirates of the Caribbean Online-->C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IE New Window Maximizer 2.4-->"C:\Program Files\IE New Window Maximizer\unins000.exe"
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kensington Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2D12105-0CA1-11D9-A3EB-0001025FA304}\setup.exe" -l0x9 -u
Kensington MouseWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\setup.exe" -l0x9 -u
Lavasoft Reghance 2.1 -licensed--->C:\PROGRA~1\LAVASO~1\UNWISE.EXE C:\PROGRA~1\LAVASO~1\INSTALL.LOG
LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
Magelo Sync (uninstall only)-->"C:\Program Files\Magelo\Magelo Sync\UnInstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeChat-->MsiExec.exe /X{66039B36-96AE-40D1-8A32-071F7A61B738}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Seth\Application Data\Move Networks\ie_bin\unins000.exe"
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Photo Viewer 2.3-->"C:\Program Files\Photo Viewer\uninstall.exe"
PIXresizer 1.0.9-->"C:\Program Files\PIXresizer\unins000.exe"
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
QuickLink Mobile Phonebook-->C:\PROGRA~1\QUICKL~1\UNWISE.EXE C:\PROGRA~1\QUICKL~1\INSTALL.LOG
Radeon Omega Drivers v3.8.291 Setup Files and Tools-->"C:\WINDOWS\Radeon Omega Drivers v3.8.291 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.291\Omega Uninstall.xml"
Radeon Omega Drivers v3.8.330 Setup Files and Tools-->"C:\WINDOWS\Radeon Omega Drivers v3.8.330 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.330\Omega Uninstall.xml"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Reflex-->C:\WINDOWS\UnGins.exe "C:\Program Files\Reflex\install.log"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"
ULi M5289 SATA Controller Driver-->C:\WINDOWS\System32\unM5289.EXE C:\WINDOWS\IsUninst.exe -y -fC:\WINDOWS\System32\ALiM5289.isu
ULi PCI to AGP Controller Driver-->C:\WINDOWS\System32\UnAGP.EXE C:\WINDOWS\IsUninst.exe -y -fC:\WINDOWS\System32\ALiAGP.isu
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 080927-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Kaspersky report:

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 28, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 28, 2008 13:28:02
Records in database: 1267914


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 83536
Threat name 3
Infected objects 5
Suspicious objects 0
Duration of the scan 00:56:43

File name Threat name Threats count
C:\Documents and Settings\Seth\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Seth\My Documents\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Program Files\Wolfenstein - Enemy Territory\260 - 260b Patch Selector.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 2

C:\WINDOWS\system32\jyjktkzu.exe Infected: Trojan.Win32.Obfuscated.gx 1

The selected area was scanned.

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:49 PM

Posted 29 September 2008 - 09:40 PM

Hello, sn2938.
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\jyjktkzu.exe
    C:\Program Files\Wolfenstein - Enemy Territory\260 - 260b Patch Selector.exe
    
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please download SDFix by AndyManchesta and save it to your desktop.
Note: When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    • (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
  • Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  • Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply, along with a new HijackThis log.
Note: If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

Note: If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

Note: If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe

In your next reply, please include the following:
  • OTMoveIt3's Log
  • SDFix's Report

Billy3

Edited by Billy O'Neal, 29 September 2008 - 09:41 PM.
MbaM to SDFix due to DDoS

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 sn2938

sn2938
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 30 September 2008 - 03:48 PM

First thanks for replying and for the additional i help. I done both are requested and logs are below.

When i ran OTMoveIt3 the first time my virus scanner went nuts and popped up with jyjktkzu.exe blah blah virus, so i clicked on delete. Well when i did that it locked up OTMoveIt3, so i just closed and restarted the program.


========== FILES ==========
File/Folder C:\WINDOWS\system32\jyjktkzu.exe not found.
File/Folder C:\Program Files\Wolfenstein - Enemy Territory\260 - 260b Patch Selector.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Seth\LOCALS~1\Temp\~DFAD74.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_600.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 09302008_162219



SDFix: Version 1.230
Run by Seth on Tue 09/30/2008 at 04:31 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 16:37:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{3abf6f2d-71c4-462a-8a92-1e6861e6af27}\##?#PCI#VEN_10B9&DEV_5237&SUBSYS_50041458&REV_03#3&13c0b0c5&0&7A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}\#]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\BusInformation]
"{441ee000-4342-11d5-a184-00c04f60524d}"=dword:00000002
"{441ee001-4342-11d5-a184-00c04f60524d}"=dword:00000002
"{c4ca1000-2ddc-11d5-a17a-00c04f60524d}"=dword:00000002
"{c8ebdfb0-b510-11d0-80e5-00a0c92542e3}"=dword:00000001
"{9d7debbc-c85d-11d1-9eb4-006008c3a19a}"=dword:00000001
"{eeaf37d0-1963-47c4-aa48-72476db7cf49}"=dword:00000001
"{f74e73eb-9ac5-45eb-be4d-772cc71ddfb3}"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\Pci\CardList]
"Intel 82441FX"=hex:01,00,00,00,86,80,37,12,00,00,00,00,00,00,00,00
"Intel 82439HX"=hex:01,00,00,00,86,80,50,12,00,00,00,00,00,00,00,00
"Intel 82439TX"=hex:01,00,00,00,86,80,00,71,00,00,00,00,00,00,00,00
"Intel 82443LX/EX"=hex:01,00,00,00,86,80,80,71,00,00,00,00,00,00,00,00
"Intel 82443BX1"=hex:01,00,00,00,86,80,90,71,00,00,00,00,00,00,00,00
"Intel 82443BX2"=hex:01,00,00,00,86,80,92,71,00,00,00,00,00,00,00,00
"Intel 82443GX"=hex:01,00,00,00,86,80,a0,71,00,00,00,00,00,00,00,00
"VIA Tech1"=hex:01,00,00,00,06,11,01,05,00,00,00,00,00,00,00,00
"VIA Tech2"=hex:01,00,00,00,06,11,91,06,00,00,00,00,00,00,00,00
"Toshiba"=hex:01,00,00,00,79,11,01,06,00,00,00,00,00,00,00,00
"Ali"=hex:01,00,00,00,b9,10,21,15,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2]
"Option\3"=dword:0000000f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\00001078]
"Name"="Cyrix\000552\0 Re\6 0"
"Instan\3?"=dword:0000000e
"Parame\4?rs"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\00020E\1]
"Name"="Compaq CMC-2"
"Instance"=dword:0000000d
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\00021066]
"Name"="Vesuvius"
"Instance"=dword:00000011
"Parameters"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\00021078]
"Name"="Cyrix 5520 Rev 1"
"Instance"=dword:0000000e
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\00061004]
"Name"="VLSI"
"Instance"=dword:00000002
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\00081039]
"Name"="SiS5503"
"Instance"=dword:00000004
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\0011100B]
"Name"="NS 87560"
"Instance"=dword:00000007
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\01021004]
"Name"="VLSI Eagle"
"Instance"=dword:00000005
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\04828086]
"Name"="Intel 82375EB/SB"
"Instance"=dword:00000000
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\04848086]
"Name"="Intel 82378"
"Instance"=dword:00000001
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\05861106]
"Name"="VT82C586B"
"Instance"=dword:0000000b
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\05961106]
"Name"="VT82C596B"
"Instance"=dword:0000000b
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\06021179]
"Name"="Toshiba"
"Instance"=dword:0000000f
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\06861106]
"Name"="VT82C686B"
"Instance"=dword:0000000b
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\122E8086]
"Name"="Intel 82371FB"
"Instance"=dword:00000001
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\12348086]
"Name"="Intel 82371MX"
"Instance"=dword:00000001
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\152310B9]
"Name"="ALi 1523"
"Instance"=dword:00000006
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\153310B9]
"Name"="ALi 1533"
"Instance"=dword:00000009
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\70008086]
"Name"="Intel 82371SB"
"Instance"=dword:00000001
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\71108086]
"Name"="Intel 82371AB/EB"
"Instance"=dword:00000001
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\76008086]
"Name"="Intel 82372FB"
"Instance"=dword:00000001
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\80021066]
"Name"="Vesuvius"
"Instance"=dword:00000011
"Parameters"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\A0F30E11]
"Name"="Compaq OSB"
"Instance"=dword:0000000c
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\AE290E11]
"Name"="Compaq MISC-3"
"Instance"=dword:00000008
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\C5581045]
"Name"="Opti Viper"
"Instance"=dword:00000003
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\C5681045]
"Name"="Opti Viper Max"
"Instance"=dword:00000003
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqMin\t\C7001045]
"Name"="Opti Fire Star"
"Instance"=dword:0000000a
"Parameters"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PnP\PciIrq\2\IrqRoutingTables]
"VLSI Sample"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"IBM Mach VLSI Chipset"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"Dell 4 PCI slot"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"Dell 2 PCI slot"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"Gateway 2000 3 PCI slot"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"Intel 430MX Motherboard Sample"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"NUMBER_?F_PROCE?SORS"="1"
"FP_NO_H?ST_CHEC?"="NO"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\RDPDR\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]
"DependO?Group"=str(7):""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{3c0d5]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{3c0d5\##?#Ro]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{3e227]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{3e227\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}]
"DeviceInstance"="Root\SYSTEM\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{3e227\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}]
"SymbolicLink"="\\?\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{3e227\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters]
"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"
"FriendlyName"="Microsoft WINMM WDM Audio Compatibility Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{3c0d5]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{3c0d5\##?#Ro]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{3e227]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{3e227\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}]
"DeviceInstance"="Root\SYSTEM\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{3e227\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}]
"SymbolicLink"="\\?\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{3e227\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters]
"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"
"FriendlyName"="Microsoft WINMM WDM Audio Compatibility Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\DeviceClasses\{3c0d5]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\DeviceClasses\{3c0d5\##?#Ro]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\DeviceClasses\{3e227]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\DeviceClasses\{3e227\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}]
"DeviceInstance"="Root\SYSTEM\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\DeviceClasses\{3e227\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}]
"SymbolicLink"="\\?\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\DeviceClasses\{3e227\##?#Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\#{cd171de3-69e5-11d2-b56d-0000f8754380}&{9B365890-165F-11D0-A195-0020AFD156E4}\Device Parameters]
"CLSID"="{17CCA71B-ECD7-11D0-B908-00A0C9223196}"
"FriendlyName"="Microsoft WINMM WDM Audio Compatibility Driver"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\DC++ 0.698\\DCPlusPlus.exe"="C:\\Program Files\\DC++ 0.698\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DC++ 0.707\\DCPlusPlus.exe"="C:\\Program Files\\DC++ 0.707\\DCPlusPlus.exe:*:Enabled:DC++"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 27 Mar 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 5 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Finished!



One more note, whenever i aquired this Malware or whatever it is, my system has been going nuts during reboot, during the memory scan it sounds like harddrive is working over time, then initial bios/memory scan screen gets all messed up with white pixels through it and the PC speaker sends out a constant tone. Not sure if its related or not just makes me nervous, i have it restart it over and over til it finally boots.

Thanks again.

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:49 PM

Posted 30 September 2008 - 06:18 PM

Hello, sn2938.
Lookin Good :) (From the logs that is)

If your system is making noises and things like that during the initial ram test at boot, then it is not a malware problem. It is likely you have a case of impending hard disk failure.

You should probably post over in the Internal Hardware forum, as it looks like this machine is free of malware, and the other symptoms you describe are likely hardware related.

EDIT: This assuming you still aren't having the google redirect problem....

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3

Edited by Billy O'Neal, 30 September 2008 - 06:19 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 sn2938

sn2938
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 30 September 2008 - 09:36 PM

Billy thanks for all your support. Google searches seem to be back to normal. Also, not to sound optomistic, but ..., last few times I have reboot, no problems. Before it was every time I booted. Anyways thanks for all your help.

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:49 PM

Posted 01 October 2008 - 05:34 AM

Hello, sn2938.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users