Hijack This: Please Help Diagnose!


22 replies to this topic

#1 hellspark

  • Members
  • 14 posts

Posted 30 December 2008 - 11:02 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:43 PM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\TOMBRAID\TRAISVCS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\Notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {042733A8-F89F-4C31-86A2-31EBB777EA2D} - (no file)
O2 - BHO: (no name) - {05FEE6A5-BABF-424E-801B-E616D82C8C56} - (no file)
O2 - BHO: (no name) - {12329E7F-FCF1-42A5-90D5-412CFAA0BF54} - (no file)
O2 - BHO: {91cef602-abcf-8de9-8104-02159e4990c1} - {1c0994e9-5120-4018-9ed8-fcba206fec19} - C:\WINDOWS\system32\fhivic.dll
O2 - BHO: (no name) - {2ABAFDDE-5B13-4979-8F16-2FED30503AC4} - (no file)
O2 - BHO: (no name) - {3A08EE37-4E7A-4B4A-8B9C-C1A71A14A9C6} - C:\WINDOWS\system32\efcBuvSK.dll (file missing)
O2 - BHO: (no name) - {44781669-B4DE-4029-928F-E78E50DA5DD9} - (no file)
O2 - BHO: (no name) - {450A0EA1-F5A4-4357-98B4-5AEF97819A4D} - C:\WINDOWS\system32\iifgDTkH.dll (file missing)
O2 - BHO: (no name) - {4B7EF182-3944-4A08-BE7C-F3E02B4A745E} - (no file)
O2 - BHO: (no name) - {4BF010D4-A862-4598-ACE3-4205BF10072E} - C:\WINDOWS\system32\awturRjj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59E502F5-4A0D-42D9-AA84-767CFD11128B} - (no file)
O2 - BHO: (no name) - {5B188065-5CE3-40DB-891D-CF056196A29C} - C:\WINDOWS\system32\mlJAtRIA.dll (file missing)
O2 - BHO: (no name) - {64D13CBA-290D-4ACE-93AA-888405A49317} - C:\WINDOWS\system32\byXoOhHa.dll (file missing)
O2 - BHO: (no name) - {68FC8D47-CADF-4A54-903D-1699EB8A116E} - C:\WINDOWS\system32\xxyywXqR.dll (file missing)
O2 - BHO: (no name) - {823ACDB3-9877-4DEC-8F85-3FDC4F1311D0} - (no file)
O2 - BHO: (no name) - {854B2F8B-9E68-4041-936B-A66619273D29} - (no file)
O2 - BHO: (no name) - {87F12B3F-64B7-4BBC-A5CF-A153799B3A6F} - (no file)
O2 - BHO: (no name) - {8D8136A3-6885-4101-9B7B-68F77ED29B4B} - (no file)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\hgGwTnml.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {C6D9C739-2AD3-4949-9DDA-CC33B5B86BB5} - C:\WINDOWS\system32\ddcYsRIA.dll (file missing)
O2 - BHO: (no name) - {C9A726D9-0F17-4316-B5B1-BA250422D31B} - C:\WINDOWS\system32\nnnlmlIB.dll (file missing)
O2 - BHO: (no name) - {D8C7835A-0CC3-41B2-AAD9-CFA7AC548F51} - C:\WINDOWS\system32\xxyyaXno.dll (file missing)
O2 - BHO: (no name) - {DF4A7177-0918-4184-8371-03F8C14477E8} - (no file)
O2 - BHO: (no name) - {E14A4E8F-2EC5-41EE-ADAE-72F35FD7BDFA} - C:\WINDOWS\system32\xxyabyyX.dll (file missing)
O2 - BHO: (no name) - {E172675C-A07F-41E2-89A4-96F883D14251} - C:\WINDOWS\system32\ddcyVOeE.dll (file missing)
O2 - BHO: (no name) - {E56E8452-5338-4257-A772-7B3480791F00} - (no file)
O2 - BHO: (no name) - {FC10386C-92DA-496F-884E-12F8B8162F31} - C:\WINDOWS\system32\hgGxVMGY.dll (file missing)
O2 - BHO: (no name) - {FC9FDAA8-3691-4182-8CF0-389E0079D628} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [c0982344] rundll32.exe "C:\WINDOWS\system32\sphcflla.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA2634] command /c del "C:\WINDOWS\system32\hgGxVMGY.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1208] cmd /c del "C:\WINDOWS\system32\hgGxVMGY.dll_old"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\RunOnce: [SpybotDeletingB197] command /c del "C:\WINDOWS\system32\hgGxVMGY.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3993] cmd /c del "C:\WINDOWS\system32\hgGxVMGY.dll_old"
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B2A881-599C-41AF-BA5F-329D10AE65B0}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBEB9BA-6A4B-4B08-A2C3-E009B6139638}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA518FB1-8B4A-4E53-B5D8-C664E70AFC52}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{20B2A881-599C-41AF-BA5F-329D10AE65B0}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O20 - AppInit_DLLs: xzqcsq.dll fhivic.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: hgGwTnml - C:\WINDOWS\SYSTEM32\hgGwTnml.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Tomb Raider Advanced Installer Multiprocessor Helper (TraiHelper) - RatkovicDesign - C:\TOMBRAID\TRAISVCS.EXE
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12177 bytes
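A triage pass over the log format posted above, written as an added example (it is not part of the original thread or of HijackThis itself). It parses the `Oxx - ` entries and flags the lines a helper looks at first in a log like this one: O17 NameServer entries pointing at resolvers outside the owner's expected networks (the DNS-changer symptom), O2 BHO entries whose DLL is missing or carries a random-looking name in system32, an O4 rundll32 autorun loading such a DLL, and any O20 AppInit_DLLs or Winlogon Notify entry. The trusted-resolver networks and the random-name heuristic are assumptions chosen for the example; the sample lines are constructed from the shape of the log above.

```python
"""Triage pass over HijackThis v2 log lines. Added example, not part of the
thread or of HijackThis; the trusted-resolver networks and the random-name
heuristic are assumptions chosen for the example."""
import ipaddress
import re
from dataclasses import dataclass

# Assumption: the owner's resolvers live in private address space (home router).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
DLL_RE = re.compile(r'([^\\\s"]+)\.dll', re.IGNORECASE)
EXPORT_RE = re.compile(r'\.dll"?,(\w*)', re.IGNORECASE)      # rundll32 <dll>,<export>
CLSID_PATH_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$")
CAMEL_RE = re.compile(r"^(?:[A-Z][a-z]+)+$")                  # vendor-style name: NvMcTray
VOWELS = set("aeiouAEIOU")

# Constructed sample: lines copied in shape from the log posted above.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {3A08EE37-4E7A-4B4A-8B9C-C1A71A14A9C6} - C:\WINDOWS\system32\efcBuvSK.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\hgGwTnml.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [c0982344] rundll32.exe "C:\WINDOWS\system32\sphcflla.dll",b
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O20 - AppInit_DLLs: xzqcsq.dll fhivic.dll
O20 - Winlogon Notify: hgGwTnml - C:\WINDOWS\SYSTEM32\hgGwTnml.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """Crude generated-name heuristic (a triage hint, not a verdict): 6-8 letters,
    not vendor CamelCase, and no vowels / uppercase pair at the end / 5+ consonants in a row."""
    if not (6 <= len(stem) <= 8 and stem.isalpha()) or CAMEL_RE.match(stem):
        return False
    if not any(c in VOWELS for c in stem) or re.search(r"[A-Z]{2}$", stem):
        return True
    run = longest = 0
    for c in stem:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5


def is_trusted_resolver(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # garbage in the registry value is itself worth a look
        return False
    return any(addr in net for net in TRUSTED_NETS)


def check_entry(sec: str, body: str, line: str):
    """Return a Finding for one 'Oxx - ' entry, or None if nothing stands out."""
    m = DLL_RE.search(body)
    stem = m.group(1) if m else None
    if sec == "O2":
        m = CLSID_PATH_RE.search(body)
        path = m.group("path") if m else ""
        if path.endswith("(file missing)") or path == "(no file)":
            return Finding(sec, "BHO registered but its DLL is absent (orphaned entry)", line)
        if stem and "\\system32\\" in path.lower() and looks_random(stem):
            return Finding(sec, f"BHO loads system32 DLL with random-looking name {stem}.dll", line)
    elif sec == "O4" and "rundll32" in body.lower() and stem:
        m = EXPORT_RE.search(body)
        export = m.group(1) if m else ""
        if looks_random(stem) or len(export) <= 2:
            return Finding(sec, f"rundll32 autorun loads {stem}.dll via export '{export}'", line)
    elif sec == "O17":
        m = re.search(r"NameServer = (.+)$", body)
        bad = [ip for ip in re.split(r"[;,\s]+", m.group(1)) if ip and not is_trusted_resolver(ip)] if m else []
        if bad:
            return Finding(sec, "NameServer points outside trusted networks: " + ", ".join(bad), line)
    elif sec == "O20":
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            return Finding(sec, "AppInit_DLLs is populated; each listed DLL is loaded into every GUI process", line)
        if body.startswith("Winlogon Notify:") and stem and looks_random(stem):
            return Finding(sec, f"Winlogon Notify package {stem}.dll has a random-looking name", line)
    return None


def triage(log_text: str):
    """Run check_entry over every line of a HijackThis log; findings come back in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            f = check_entry(m.group("sec"), m.group("body"), raw.strip())
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

On the sample the pass reports six entries (two O2, one O4, one O17, two O20) and stays quiet on the Google, Spybot, NVIDIA and Bonjour lines; the name heuristic will still trip on some vendor abbreviations, so treat its hits as a reading order, not a verdict.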

#2 hellspark
  • Topic Starter

  • Members
  • 14 posts

Posted 04 January 2009 - 12:49 PM

Logfile Update

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:39 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\TOMBRAID\TRAISVCS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [c0982344] rundll32.exe "C:\WINDOWS\system32\uospupey.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B2A881-599C-41AF-BA5F-329D10AE65B0}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBEB9BA-6A4B-4B08-A2C3-E009B6139638}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA518FB1-8B4A-4E53-B5D8-C664E70AFC52}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{20B2A881-599C-41AF-BA5F-329D10AE65B0}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Tomb Raider Advanced Installer Multiprocessor Helper (TraiHelper) - RatkovicDesign - C:\TOMBRAID\TRAISVCS.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7366 bytes

#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 January 2009 - 07:13 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 hellspark
  • Topic Starter

  • Members
  • 14 posts

Posted 06 January 2009 - 06:35 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 3

1/6/2009 6:13:34 PM
mbam-log-2009-01-06 (18-13-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140905
Time elapsed: 2 hour(s), 33 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 55
Registry Values Infected: 2
Registry Data Items Infected: 20
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fccbXoli.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mstcmiqa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hgGwTnml.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3cbbc977-1cde-42c3-80b3-fb46fce52dc8} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3cbbc977-1cde-42c3-80b3-fb46fce52dc8} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a98d0065-7326-41b5-b8d9-c5b692cdb82f} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggwtnml (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a98d0065-7326-41b5-b8d9-c5b692cdb82f} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c58e9bf2-4c11-48be-a404-6521ef8b5bf3} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c58e9bf2-4c11-48be-a404-6521ef8b5bf3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a98d0065-7326-41b5-b8d9-c5b692cdb82f} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c58e9bf2-4c11-48be-a404-6521ef8b5bf3} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3a08ee37-4e7a-4b4a-8b9c-c1a71a14a9c6} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{450a0ea1-f5a4-4357-98b4-5aef97819a4d} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4bf010d4-a862-4598-ace3-4205bf10072e} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5b188065-5ce3-40db-891d-cf056196a29c} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{64d13cba-290d-4ace-93aa-888405a49317} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{68fc8d47-cadf-4a54-903d-1699eb8a116e} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c6d9c739-2ad3-4949-9dda-cc33b5b86bb5} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9a726d9-0f17-4316-b5b1-ba250422d31b} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d8c7835a-0cc3-41b2-aad9-cfa7ac548f51} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e14a4e8f-2ec5-41ee-adae-72f35fd7bdfa} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e172675c-a07f-41e2-89a4-96f883d14251} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fc10386c-92da-496f-884e-12f8b8162f31} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c0994e9-5120-4018-9ed8-fcba206fec19} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3a08ee37-4e7a-4b4a-8b9c-c1a71a14a9c6} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{450a0ea1-f5a4-4357-98b4-5aef97819a4d} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4bf010d4-a862-4598-ace3-4205bf10072e} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5b188065-5ce3-40db-891d-cf056196a29c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64d13cba-290d-4ace-93aa-888405a49317} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{68fc8d47-cadf-4a54-903d-1699eb8a116e} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6d9c739-2ad3-4949-9dda-cc33b5b86bb5} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9a726d9-0f17-4316-b5b1-ba250422d31b} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d8c7835a-0cc3-41b2-aad9-cfa7ac548f51} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e14a4e8f-2ec5-41ee-adae-72f35fd7bdfa} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e172675c-a07f-41e2-89a4-96f883d14251} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc10386c-92da-496f-884e-12f8b8162f31} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a08ee37-4e7a-4b4a-8b9c-c1a71a14a9c6} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{450a0ea1-f5a4-4357-98b4-5aef97819a4d} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4bf010d4-a862-4598-ace3-4205bf10072e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b188065-5ce3-40db-891d-cf056196a29c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64d13cba-290d-4ace-93aa-888405a49317} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68fc8d47-cadf-4a54-903d-1699eb8a116e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6d9c739-2ad3-4949-9dda-cc33b5b86bb5} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9a726d9-0f17-4316-b5b1-ba250422d31b} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8c7835a-0cc3-41b2-aad9-cfa7ac548f51} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e14a4e8f-2ec5-41ee-adae-72f35fd7bdfa} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e172675c-a07f-41e2-89a4-96f883d14251} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc10386c-92da-496f-884e-12f8b8162f31} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cbbc977-1cde-42c3-80b3-fb46fce52dc8} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0982344 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a98d0065-7326-41b5-b8d9-c5b692cdb82f} (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccbxoli -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccbxoli -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20b2a881-599c-41af-ba5f-329d10ae65b0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8cbeb9ba-6a4b-4b08-a2c3-e009b6139638}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8cbeb9ba-6a4b-4b08-a2c3-e009b6139638}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aa518fb1-8b4a-4e53-b5d8-c664e70afc52}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aa518fb1-8b4a-4e53-b5d8-c664e70afc52}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{20b2a881-599c-41af-ba5f-329d10ae65b0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8cbeb9ba-6a4b-4b08-a2c3-e009b6139638}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8cbeb9ba-6a4b-4b08-a2c3-e009b6139638}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{aa518fb1-8b4a-4e53-b5d8-c664e70afc52}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{aa518fb1-8b4a-4e53-b5d8-c664e70afc52}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{20b2a881-599c-41af-ba5f-329d10ae65b0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8cbeb9ba-6a4b-4b08-a2c3-e009b6139638}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8cbeb9ba-6a4b-4b08-a2c3-e009b6139638}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{aa518fb1-8b4a-4e53-b5d8-c664e70afc52}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{aa518fb1-8b4a-4e53-b5d8-c664e70afc52}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.149;85.255.112.218 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\rzkrug.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hgGwTnml.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fccbXoli.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\iloXbccf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\iloXbccf.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fphbywqy.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yqwybhpf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hoitdigi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\igidtioh.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mstcmiqa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\aqimctsm.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\uospupey.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yepupsou.ini (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Ben Halsey\Local Settings\Temporary Internet Files\Content.IE5\M2J0SAQ7\index[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Ben Halsey\Local Settings\Temporary Internet Files\Content.IE5\O1TA9U7H\upd105320[1] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Ben Halsey\Local Settings\Temporary Internet Files\Content.IE5\OLBN96Y6\upd105320[2] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Ben Halsey\Local Settings\Temporary Internet Files\Content.IE5\OLBN96Y6\upd105320[1] (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uqktnjcu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vapjrs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\aycvlgtr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\enwatg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\liwsbwwk.dll.vzr (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\msqpdxmtpearxx.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\drivers\msqpdxmxfeoitu.sys (Trojan.Agent) -> No action taken.

#5 hellspark (Topic Starter)

Posted 06 January 2009 - 06:38 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ben Halsey at 2009-01-06 18:28:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (18%) free of 76 GB
Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:06 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\TOMBRAID\TRAISVCS.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Ben Halsey\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ben Halsey.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {029CF6CE-92BC-45C5-97C9-6E42EBF48419} - C:\WINDOWS\system32\geBsrSJc.dll (file missing)
O2 - BHO: (no name) - {042733A8-F89F-4C31-86A2-31EBB777EA2D} - (no file)
O2 - BHO: (no name) - {05FEE6A5-BABF-424E-801B-E616D82C8C56} - (no file)
O2 - BHO: (no name) - {12329E7F-FCF1-42A5-90D5-412CFAA0BF54} - (no file)
O2 - BHO: (no name) - {2ABAFDDE-5B13-4979-8F16-2FED30503AC4} - (no file)
O2 - BHO: (no name) - {44781669-B4DE-4029-928F-E78E50DA5DD9} - (no file)
O2 - BHO: (no name) - {4B7EF182-3944-4A08-BE7C-F3E02B4A745E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59E502F5-4A0D-42D9-AA84-767CFD11128B} - (no file)
O2 - BHO: (no name) - {823ACDB3-9877-4DEC-8F85-3FDC4F1311D0} - (no file)
O2 - BHO: (no name) - {854B2F8B-9E68-4041-936B-A66619273D29} - (no file)
O2 - BHO: (no name) - {87F12B3F-64B7-4BBC-A5CF-A153799B3A6F} - (no file)
O2 - BHO: (no name) - {8D8136A3-6885-4101-9B7B-68F77ED29B4B} - (no file)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEF55D73-02BC-4ED8-ADA0-F780C1056001} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B93C20F6-DF63-452D-A035-E99D91096489} - (no file)
O2 - BHO: (no name) - {C58E9BF2-4C11-48BE-A404-6521EF8B5BF3} - (no file)
O2 - BHO: (no name) - {C777409B-C6D8-4CBE-B425-762447F9A4FD} - (no file)
O2 - BHO: (no name) - {DF4A7177-0918-4184-8371-03F8C14477E8} - (no file)
O2 - BHO: (no name) - {E56E8452-5338-4257-A772-7B3480791F00} - (no file)
O2 - BHO: (no name) - {FC9FDAA8-3691-4182-8CF0-389E0079D628} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [c0982344] rundll32.exe "C:\WINDOWS\system32\mstcmiqa.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: hgGwTnml - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Tomb Raider Advanced Installer Multiprocessor Helper (TraiHelper) - RatkovicDesign - C:\TOMBRAID\TRAISVCS.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8634 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029CF6CE-92BC-45C5-97C9-6E42EBF48419}]
C:\WINDOWS\system32\geBsrSJc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{042733A8-F89F-4C31-86A2-31EBB777EA2D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05FEE6A5-BABF-424E-801B-E616D82C8C56}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12329E7F-FCF1-42A5-90D5-412CFAA0BF54}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ABAFDDE-5B13-4979-8F16-2FED30503AC4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44781669-B4DE-4029-928F-E78E50DA5DD9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B7EF182-3944-4A08-BE7C-F3E02B4A745E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59E502F5-4A0D-42D9-AA84-767CFD11128B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{823ACDB3-9877-4DEC-8F85-3FDC4F1311D0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{854B2F8B-9E68-4041-936B-A66619273D29}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87F12B3F-64B7-4BBC-A5CF-A153799B3A6F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D8136A3-6885-4101-9B7B-68F77ED29B4B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A98D0065-7326-41B5-B8D9-C5B692CDB82F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-06-18 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEF55D73-02BC-4ED8-ADA0-F780C1056001}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-19 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B93C20F6-DF63-452D-A035-E99D91096489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C58E9BF2-4C11-48BE-A404-6521EF8B5BF3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C777409B-C6D8-4CBE-B425-762447F9A4FD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF4A7177-0918-4184-8371-03F8C14477E8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E56E8452-5338-4257-A772-7B3480791F00}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC9FDAA8-3691-4182-8CF0-389E0079D628}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-07-25 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-07-25 974848]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2008-11-04 86016]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-13 110592]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-09-19 81920]
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2007-09-19 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-09-19 8491008]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]
"c0982344"=C:\WINDOWS\system32\mstcmiqa.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-23 68856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGwTnml]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\PacSteamT\SteamApps\hellspark66\half-life\hl.exe"="C:\PacSteamT\SteamApps\hellspark66\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\PacSteamT\SteamApps\hellspark66\garrysmod\hl2.exe"="C:\PacSteamT\SteamApps\hellspark66\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Microsoft Games\MechWarrior Vengeance\MW4.ICD"="C:\Program Files\Microsoft Games\MechWarrior Vengeance\MW4.ICD:*:Enabled:MechWarrior IV"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\PacSteamT\SteamApps\hellspark66\condition zero\hl.exe"="C:\PacSteamT\SteamApps\hellspark66\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\PacSteamT\SteamApps\hellspark66\opposing force\hl.exe"="C:\PacSteamT\SteamApps\hellspark66\opposing force\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Descent3\main.exe"="C:\Program Files\Descent3\main.exe:*:Enabled:main"
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe"="C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\Documents and Settings\Ben Halsey\Desktop\racer\racer.exe"="C:\Documents and Settings\Ben Halsey\Desktop\racer\racer.exe:*:Enabled:racer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TmUnitedForever\TmForever.exe"="C:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Steam\steamapps\hellspark66\half-life\hl.exe"="C:\Program Files\Steam\steamapps\hellspark66\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\hellspark66\deathmatch classic\hl.exe"="C:\Program Files\Steam\steamapps\hellspark66\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
shell\Open\command - resycled\boot.com c:

======List of files/folders created in the last 3 months======

2009-01-06 18:28:40 ----D---- C:\rsit
2009-01-05 23:33:36 ----D---- C:\Documents and Settings\Ben Halsey\Application Data\Malwarebytes
2009-01-05 23:33:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 23:33:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 14:30:58 ----A---- C:\WINDOWS\system32\jqctyx.dll
2009-01-05 14:30:57 ----A---- C:\WINDOWS\system32\tuprvser.dll
2009-01-04 14:33:47 ----ASH---- C:\WINDOWS\system32\jrgkejgr.ini
2009-01-04 13:49:49 ----ASH---- C:\WINDOWS\system32\kwwbswil.ini
2009-01-03 13:34:00 ----ASH---- C:\WINDOWS\system32\asruvsxc.ini
2009-01-02 03:52:52 ----A---- C:\rollback.ini
2009-01-02 02:57:29 ----ASH---- C:\WINDOWS\system32\sakdqtbq.ini
2009-01-02 02:38:45 ----D---- C:\Documents and Settings\Ben Halsey\Application Data\MailFrontier
2009-01-02 01:37:59 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2009-01-02 01:36:58 ----A---- C:\WINDOWS\zllsputility.exe
2009-01-02 01:36:03 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-01-02 01:35:58 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-01-02 01:35:58 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-01-02 01:35:38 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-01-02 01:35:35 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-01-02 01:35:34 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-01-02 01:35:31 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-01-02 01:35:31 ----D---- C:\Program Files\Zone Labs
2009-01-02 01:35:31 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-01-02 01:35:30 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-01-02 01:34:38 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-01-02 01:34:37 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-01-02 01:34:37 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-01-02 01:33:42 ----D---- C:\WINDOWS\Internet Logs
2009-01-02 01:25:22 ----ASH---- C:\WINDOWS\system32\cJSrsBeg.ini2
2009-01-01 12:15:41 ----ASH---- C:\WINDOWS\system32\nfslludr.ini
2008-12-31 01:58:24 ----ASH---- C:\WINDOWS\system32\aapqwwuq.ini
2008-12-31 01:52:19 ----ASH---- C:\WINDOWS\system32\cJSrsBeg.ini
2008-12-30 22:46:52 ----D---- C:\Program Files\Trend Micro
2008-12-30 22:32:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-30 01:48:27 ----ASH---- C:\WINDOWS\system32\kbeufvdy.ini
2008-12-28 12:44:19 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-28 12:44:02 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-28 12:06:18 ----ASH---- C:\WINDOWS\system32\allfchps.ini
2008-12-28 03:59:04 ----ASH---- C:\WINDOWS\system32\thcabnvn.ini
2008-12-28 03:49:59 ----ASH---- C:\WINDOWS\system32\RqXwyyxx.ini
2008-12-22 16:50:26 ----ASH---- C:\WINDOWS\system32\qvcffqir.ini
2008-12-21 16:10:45 ----ASH---- C:\WINDOWS\system32\BIlmlnnn.ini
2008-12-20 19:24:39 ----ASH---- C:\WINDOWS\system32\oaeqexgk.ini
2008-12-20 05:05:54 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-12-20 02:33:17 ----ASH---- C:\WINDOWS\system32\jjRrutwa.ini
2008-12-18 22:40:01 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-18 22:16:32 ----D---- C:\Program Files\YSFLIGHT.COM
2008-12-18 22:04:41 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-12-17 17:40:40 ----D---- C:\WTablet
2008-12-16 23:56:32 ----D---- C:\TOMBRAID
2008-12-16 21:58:22 ----D---- C:\Program Files\Common Files\Thraex Software
2008-12-16 21:58:22 ----D---- C:\PacSteamT
2008-12-14 21:57:18 ----ASH---- C:\WINDOWS\system32\kitltxxx.ini
2008-12-14 03:54:33 ----ASH---- C:\WINDOWS\system32\avkwuuwt.ini
2008-12-14 03:48:29 ----ASH---- C:\WINDOWS\system32\KSvuBcfe.ini
2008-12-13 20:44:58 ----A---- C:\WINDOWS\system32\slrzjb.dll
2008-12-13 20:44:57 ----A---- C:\WINDOWS\system32\wumqqhah.dll
2008-12-13 20:41:59 ----ASH---- C:\WINDOWS\system32\otkifwuf.ini
2008-12-12 22:11:50 ----D---- C:\Program Files\Steam
2008-12-12 20:43:15 ----ASH---- C:\WINDOWS\system32\rjbhrphg.ini
2008-12-11 20:42:30 ----ASH---- C:\WINDOWS\system32\nutrfrvx.ini
2008-12-11 20:31:16 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-11 01:02:29 ----ASH---- C:\WINDOWS\system32\AIRtAJlm.ini
2008-12-10 00:14:39 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 21:51:51 ----ASH---- C:\WINDOWS\system32\xwucjmin.ini
2008-12-09 21:48:45 ----ASH---- C:\WINDOWS\system32\onXayyxx.ini
2008-12-09 15:58:45 ----ASH---- C:\WINDOWS\system32\nvpdamfn.ini
2008-12-07 20:43:55 ----A---- C:\WINDOWS\wininit.ini
2008-12-07 20:05:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-07 20:05:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 19:48:28 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-05 14:07:33 ----A---- C:\WINDOWS\system32\cbbbe73a-.txt
2008-12-05 14:06:35 ----ASH---- C:\WINDOWS\system32\aHhOoXyb.ini
2008-12-02 14:01:19 ----RHD---- C:\Documents and Settings\Ben Halsey\Application Data\SecuROM
2008-12-02 14:01:16 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-02 13:11:51 ----SHD---- C:\found.000
2008-12-01 00:41:19 ----D---- C:\Program Files\Lavasoft
2008-12-01 00:41:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-30 20:20:56 ----D---- C:\Program Files\Glidos
2008-11-30 19:56:06 ----D---- C:\Program Files\VDMSound
2008-11-30 19:53:56 ----A---- C:\TOMBPATH.TXT
2008-11-30 02:34:52 ----HD---- C:\WINDOWS\PIF
2008-11-30 01:31:25 ----R---- C:\RAYMAN.BAT
2008-11-30 01:31:11 ----D---- C:\Program Files\Rayman
2008-11-28 22:26:33 ----D---- C:\Program Files\iPod
2008-11-28 22:26:28 ----D---- C:\Program Files\iTunes
2008-11-28 22:26:28 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-28 22:24:23 ----D---- C:\Program Files\QuickTime
2008-11-24 23:24:29 ----D---- C:\Program Files\VirSyn Software Synthesizer
2008-11-22 20:33:27 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 16:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 16:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 16:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-11-19 17:04:57 ----D---- C:\Program Files\LucasArts
2008-11-18 10:01:01 ----D---- C:\Program Files\Electronic Arts
2008-11-18 10:00:47 ----A---- C:\WINDOWS\uninst.exe
2008-11-13 09:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 09:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 09:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 00:24:53 ----D---- C:\Program Files\Fox
2008-11-10 17:23:51 ----A---- C:\regdump.arm9.txt
2008-11-07 21:35:44 ----D---- C:\Program Files\Rockstar Games
2008-11-03 15:07:03 ----D---- C:\Program Files\SynthEdit
2008-10-30 20:28:52 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-10-30 20:28:40 ----D---- C:\Program Files\NVIDIA Corporation
2008-10-30 20:28:40 ----A---- C:\WINDOWS\system32\DSETUP.dll
2008-10-30 20:28:40 ----A---- C:\WINDOWS\system32\DolbyHph.dll
2008-10-28 13:50:30 ----A---- C:\WINDOWS\system32\ir41_32.dll
2008-10-26 18:15:03 ----D---- C:\Program Files\Descent3
2008-10-26 17:25:35 ----D---- C:\Program Files\HammerHead
2008-10-24 10:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 21:43:48 ----A---- C:\WINDOWS\system32\IFORCE2.dll
2008-10-19 11:56:55 ----D---- C:\Documents and Settings\Ben Halsey\Application Data\Help
2008-10-17 22:50:39 ----D---- C:\Program Files\Bonjour
2008-10-16 13:15:48 ----D---- C:\MicroProse
2008-10-15 06:41:32 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2008-10-15 06:41:32 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2008-10-15 06:41:32 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2008-10-14 18:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 18:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 18:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 18:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 18:40:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-14 07:50:05 ----D---- C:\Program Files\Acclaim Entertainment
2008-10-14 07:49:44 ----A---- C:\WINDOWS\IsUninst.exe
2008-10-14 07:46:02 ----D---- C:\Program Files\DAEMON Tools Lite
2008-10-14 07:42:40 ----D---- C:\Documents and Settings\Ben Halsey\Application Data\DAEMON Tools
2008-10-13 08:53:17 ----D---- C:\nebulatemprepository
2008-10-13 08:48:54 ----D---- C:\Program Files\u-he
2008-10-13 08:45:54 ----D---- C:\Program Files\Image-Line
2008-10-13 08:41:53 ----D---- C:\Documents and Settings\Ben Halsey\Application Data\FabFilter
2008-10-13 08:41:50 ----D---- C:\Program Files\FabFilter
2008-10-13 08:39:41 ----D---- C:\Program Files\CM Vocoder
2008-10-12 23:02:31 ----D---- C:\Program Files\Common Files\Native Instruments
2008-10-12 23:02:24 ----A---- C:\WINDOWS\system32\NI_IRC_1_2.dll
2008-10-12 23:02:24 ----A---- C:\WINDOWS\system32\NI_DFD_1_5.dll
2008-10-12 23:02:20 ----D---- C:\Program Files\Native Instruments
2008-10-09 21:29:51 ----D---- C:\Program Files\AIM6

======List of files/folders modified in the last 3 months======

2009-01-06 18:28:56 ----D---- C:\WINDOWS\Prefetch
2009-01-06 18:20:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-06 18:20:47 ----D---- C:\WINDOWS\Temp
2009-01-06 18:19:41 ----D---- C:\Documents and Settings\Ben Halsey\Application Data\WTablet
2009-01-06 18:18:13 ----D---- C:\WINDOWS\system32\drivers
2009-01-06 18:17:41 ----D---- C:\WINDOWS\system32
2009-01-06 18:17:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 12:46:33 ----D---- C:\Cakewalk Projects
2009-01-05 23:33:09 ----RD---- C:\Program Files
2009-01-04 02:02:15 ----D---- C:\Documents and Settings\Ben Halsey\Application Data\uTorrent
2009-01-02 01:36:58 ----D---- C:\WINDOWS
2009-01-02 01:34:11 ----SHD---- C:\WINDOWS\Installer
2009-01-02 01:34:08 ----D---- C:\WINDOWS\WinSxS
2009-01-02 00:26:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-30 23:55:20 ----D---- C:\Program Files\DivX
2008-12-30 22:32:19 ----D---- C:\Program Files\Common Files
2008-12-28 12:44:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-28 03:26:54 ----A---- C:\WINDOWS\system.ini
2008-12-24 09:48:25 ----RASH---- C:\boot.ini
2008-12-24 09:48:25 ----A---- C:\WINDOWS\win.ini
2008-12-19 01:20:08 ----D---- C:\Program Files\Adobe
2008-12-19 01:17:07 ----D---- C:\Documents and Settings\Ben Halsey\Application Data\Adobe
2008-12-18 23:55:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-18 23:07:14 ----D---- C:\Program Files\Common Files\Adobe
2008-12-18 22:24:05 ----RSD---- C:\WINDOWS\Fonts
2008-12-17 22:32:18 ----D---- C:\WINDOWS\Minidump
2008-12-11 20:31:27 ----D---- C:\WINDOWS\security
2008-12-11 20:30:44 ----HD---- C:\WINDOWS\inf
2008-12-10 00:16:22 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-06 02:01:21 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-02 14:00:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-02 01:33:04 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-02 01:28:49 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-01 16:03:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-01 03:17:26 ----D---- C:\WINDOWS\system32\DirectX
2008-12-01 03:17:25 ----RSD---- C:\WINDOWS\assembly
2008-11-30 19:42:31 ----D---- C:\WINDOWS\system32\Macromed
2008-11-28 22:23:55 ----D---- C:\Program Files\Common Files\Apple
2008-11-24 23:24:35 ----D---- C:\Program Files\Vstplugins
2008-11-21 16:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 16:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-15 03:21:40 ----D---- C:\WINDOWS\Help
2008-11-13 09:36:55 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 09:36:53 ----A---- C:\WINDOWS\imsins.BAK
2008-11-07 23:22:49 ----D---- C:\Documents and Settings\Ben Halsey\Application Data\gtk-2.0
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-28 13:50:04 ----D---- C:\Program Files\Microsoft Games
2008-10-17 22:50:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 18:41:14 ----D---- C:\Program Files\Internet Explorer
2008-10-09 21:30:05 ----D---- C:\Program Files\Common Files\AOL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2008-06-03 147984]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-26 21393]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NvNdis;NVIDIA NDIS IO Control Driver; \??\C:\WINDOWS\system32\Drivers\NvNdis.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-23 56576]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-08 2211456]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-10-11 9856]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2006-01-29 17688]
S3 adxapie;adxapie; \??\C:\DOCUME~1\BENHAL~1\LOCALS~1\Temp\adxapie.sys []
S3 anbj7pvo;anbj7pvo; C:\WINDOWS\system32\drivers\anbj7pvo.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 MA763010;M-Audio Fast Track; C:\WINDOWS\system32\drivers\MA763010.sys [2004-08-31 30848]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-19 6852032]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-01-29 16896]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 FastTrackInstallerService;Fast Track Installer; C:\Program Files\M-Audio Fast Track\GBInst.exe [2004-08-27 61440]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-07-25 987136]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 TraiHelper;Tomb Raider Advanced Installer Multiprocessor Helper; C:\TOMBRAID\TRAISVCS.EXE [2008-12-16 177152]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-07-25 294912]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-19 155716]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-18 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-18 138168]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-06 18:29:15

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
AcusticaAudio Nebula3cm-->c:\nebulatemprepository\Uninstall3cm.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Aliens versus Predator Gold Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fox\Aliens versus Predator\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Cakewalk XL Pack-->"C:\Program Files\Cakewalk\Dimension LE\unins000.exe"
CANTOR 2-->MsiExec.exe /I{0EF0223B-1EE2-4D79-8668-9E1FE7E23C50}
ClamWin Free Antivirus 0.94.1-->"C:\Program Files\ClamWin\unins000.exe"
CM Alpha-->C:\Program Files\Cakewalk\Vstplugins\UninstalAlpha.exe
CM Vocoder-->C:\Program Files\CM Vocoder\uninstall.exe
CM WaveShaper-->C:\Program Files\Image-Line\CM WaveShaper\uninstall.exe
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\DOCUME~1\BENHAL~1\LOCALS~1\Temp\PainterX.log
Corel Painter X-->MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A}
Deathmatch Classic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/40
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
FabFilter One 2.01-->C:\Program Files\FabFilter\One\Uninst.exe
Fast Track-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}\setup.exe" -l0x9
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Garry's Mod-->"C:\PacSteamT\steam.exe" steam://uninstall/4000
G-Force-->C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
GIMP 2.4.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guitar Suite CM-->"C:\Program Files\Cakewalk\Vstplugins\Guitar Suite CM\uninstall.exe"
Half-Life 2: Lost Coast-->"C:\Program Files\Steam\steam.exe" steam://uninstall/340
Half-Life: Blue Shift-->C:\Sierra\BLUE-S~1\bshift\UNWISE.EXE C:\Sierra\BLUE-S~1\bshift\install.log
Half-Life-->"C:\Program Files\Steam\steam.exe" steam://uninstall/70
HammerHead Rhythm Station-->C:\Program Files\HammerHead\Uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
KORG Legacy Collection - ANALOG EDITION 2007-->MsiExec.exe /I{94CBA610-3D68-40F1-ACDE-6592829E225A}
KORG Legacy Collection - DIGITAL EDITION-->MsiExec.exe /I{4C1AC5C7-76ED-4842-BF31-6D8E21EF29B6}
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Max Payne 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\Setup.exe" -l0x9
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MechWarrior Vengeance-->"C:\Program Files\Microsoft Games\MechWarrior Vengeance\MWUNINSTAL.EXE" /runtemp /addremove
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Age of Empires-->C:\Program Files\Microsoft Games\Age of Empires\Uninstal.exe /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo-->"C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft XNA Framework Redistributable 2.0-->MsiExec.exe /I{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Native Instruments B4 II-->C:\PROGRA~1\NATIVE~1\B4II~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\B4II~1\INSTALL.LOG
Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
Native Instruments Kore Player-->C:\PROGRA~1\NATIVE~1\KOREPL~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KOREPL~1\INSTALL.LOG
Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA DVD Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
OZ776 SCR Driver V1.1.3.9-->C:\Program Files\InstallShield Installation Information\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\setup.exe -runfromtemp -l0x0409
PacSteamT-->C:\PacSteamT\PacSteamT-Uninstall.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pen Tablet-->C:\Program Files\Tablet\Pen\Remove.exe /u
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SONAR Home Studio 6-->"C:\Program Files\Cakewalk\SONAR Home Studio 6\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Syncrosoft's License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SynthEdit-->MsiExec.exe /I{F1A36967-8AF5-4BDB-90BB-F6B2750839E1}
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VDMSound-->C:\Program Files\VDMSound\uninst.exe
Vintage Vocoder 1.03 Build 1-->"C:\WINDOWS\th_inst2.exe" -u "C:\Program Files\Sonicism Digital Audio Solutions\Vintage Vocoder\Uninstall0"
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Winamp Toolbar for Firefox-->"\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
YS FLIGHT SIMULATION SYSTEM 2000-->"C:\Program Files\YSFLIGHT.COM\YSFLIGHT\ysuninst9265.exe" "C:\Program Files\YSFLIGHT.COM\YSFLIGHT\ysuninst9265.lst"
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKLM\..\Run: [c0982344] rundll32.exe "C:\WINDOWS\system32\rdullsfn.dll",b
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBEB9BA-6A4B-4B08-A2C3-E009B6139638}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{20B2A881-599C-41AF-BA5F-329D10AE65B0}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B2A881-599C-41AF-BA5F-329D10AE65B0}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA518FB1-8B4A-4E53-B5D8-C664E70AFC52}: NameServer = 85.255.113.149;85.255.112.218
O20 - AppInit_DLLs: xzqcsq.dll rzkrug.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O23 - Service: Tomb Raider Advanced Installer Multiprocessor Helper (TraiHelper) - RatkovicDesign - C:\TOMBRAID\TRAISVCS.EXE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall

System event log

Computer Name: VALUED-B9F286F9
Event Code: 7036
Message: The Wireless Zero Configuration service entered the stopped state.

Record Number: 24638
Source Name: Service Control Manager
Time Written: 20081230013755.000000-300
Event Type: information
User:

Computer Name: VALUED-B9F286F9
Event Code: 7035
Message: The Wireless Zero Configuration service was successfully sent a stop control.

Record Number: 24637
Source Name: Service Control Manager
Time Written: 20081230013751.000000-300
Event Type: information
User: VALUED-B9F286F9\Ben Halsey

Computer Name: VALUED-B9F286F9
Event Code: 7036
Message: The Computer Browser service entered the stopped state.

Record Number: 24636
Source Name: Service Control Manager
Time Written: 20081230013742.000000-300
Event Type: information
User:

Computer Name: VALUED-B9F286F9
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 24635
Source Name: Service Control Manager
Time Written: 20081230013742.000000-300
Event Type: information
User:

Computer Name: VALUED-B9F286F9
Event Code: 7036
Message: The iPod Service service entered the running state.

Record Number: 24634
Source Name: Service Control Manager
Time Written: 20081230013737.000000-300
Event Type: information
User:

Application event log

Computer Name: VALUED-B9F286F9
Event Code: 0
Message:
Record Number: 2273
Source Name: iPod Service
Time Written: 20080904182127.000000-240
Event Type: information
User:

Computer Name: VALUED-B9F286F9
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 2272
Source Name: SecurityCenter
Time Written: 20080904182118.000000-240
Event Type: information
User:

Computer Name: VALUED-B9F286F9
Event Code: 0
Message:
Record Number: 2271
Source Name: Viewpoint Manager Service
Time Written: 20080904182118.000000-240
Event Type: information
User:

Computer Name: VALUED-B9F286F9
Event Code: 0
Message:
Record Number: 2270
Source Name: RegSrvc
Time Written: 20080904182118.000000-240
Event Type: information
User:

Computer Name: VALUED-B9F286F9
Event Code: 0
Message:
Record Number: 2269
Source Name: EvtEng
Time Written: 20080904182118.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\VDMSound
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"VDMSPath"=C:\Program Files\VDMSound
"tvdumpflags"=8

-----------------EOF-----------------
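The RSIT log above carries three of the loudest indicators a responder looks for in a HijackThis-format scan: every O17 line points DNS at 85.255.113.149 / 85.255.112.218 instead of the router or ISP, O20 shows two randomly named AppInit_DLLs, and an HKLM Run value with a hex-digit name (c0982344) launches a randomly named DLL through rundll32. The script below is an added example written for this thread, not code from the poster or from HijackThis; it parses those three line types and returns the entries worth a second look. TRUSTED_DNS and the {11111111-...} interface line in the sample are constructed for the example; the other sample lines are copied from the log above. The 85.255.112.0/20 netblock (UkrTelegroup) is the range long associated with the Zlob/DNSChanger family, so hits there are reported as known-bad rather than merely unknown; anything else not on the trusted list and not a private address is reported as unknown-public.

```python
"""Triage HijackThis / RSIT lines for DNS hijacking and DLL-injection autostarts.

Added example for this thread (not the poster's or HijackThis's code).
Assumptions: TRUSTED_DNS is what the owner actually configured; the
sample line with the {1111...} GUID is made up to show a clean interface.
"""
import ipaddress
import re
from collections import Counter

# Resolvers the machine is supposed to use (assumption for the example).
TRUSTED_DNS = {"192.168.1.1"}

# 85.255.112.0/20 is the netblock long associated with Zlob/DNSChanger;
# treat hits there as known-bad, not merely unknown.
KNOWN_BAD_DNS_NETS = [ipaddress.ip_network("85.255.112.0/20")]

O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\[^:]+): NameServer = (?P<servers>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O4_RUNDLL_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'rundll32(?:\.exe)? "?(?P<dll>[^",]+?)"?,(?P<export>\S+)',
    re.IGNORECASE,
)
# Heuristic: a Run-value name that is only hex digits (c0982344) or a
# one-letter export (",b") points at generated names, not vendor code.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


def classify_dns(server: str) -> str:
    """trusted / known-bad / private / unknown-public / unparseable."""
    if server in TRUSTED_DNS:
        return "trusted"
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"          # hostnames or junk in NameServer
    if any(ip in net for net in KNOWN_BAD_DNS_NETS):
        return "known-bad"
    return "private" if ip.is_private else "unknown-public"


def looks_random(value_name: str, export: str) -> bool:
    return bool(HEX_NAME_RE.match(value_name)) or len(export) == 1


def triage(log_text: str) -> list:
    """Return (section, verdict, item, context) tuples in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            for server in re.split(r"[;,]\s*", m.group("servers")):
                server = server.strip()
                if not server:
                    continue
                verdict = classify_dns(server)
                if verdict in ("known-bad", "unknown-public", "unparseable"):
                    findings.append(("O17", verdict, server, m.group("key")))
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs are injected into every process that loads
            # user32.dll; on a home PC a non-empty value is itself a finding.
            for dll in m.group("dlls").split():
                findings.append(("O20", "appinit-dll", dll, "AppInit_DLLs"))
            continue
        m = O4_RUNDLL_RE.match(line)
        if m and looks_random(m.group("name"), m.group("export")):
            findings.append(("O4", "random-rundll32", m.group("dll"), m.group("name")))
    return findings


def summarize(findings: list) -> dict:
    return dict(Counter(verdict for _, verdict, _, _ in findings))


# Constructed sample: lines copied from the RSIT log above, plus one
# made-up interface GUID that points at the trusted resolver.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [c0982344] rundll32.exe "C:\WINDOWS\system32\rdullsfn.dll",b
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBEB9BA-6A4B-4B08-A2C3-E009B6139638}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: xzqcsq.dll rzkrug.dll
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for section, verdict, item, context in hits:
        print(f"{section:<3} {verdict:<16} {item}  ({context})")
    print(summarize(hits))
```

On the sample the NVIDIA entry is left alone, the c0982344 Run value is flagged, all four DNS server entries land in the known-bad bucket and both AppInit DLLs are listed. Note that an O17 entry in the CS1 (last-known-good) control set, as in the log above, means the hijack survives a "Last Known Good Configuration" boot as well, so all control sets need cleaning.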

#6 hellspark
  • Topic Starter

Posted 06 January 2009 - 07:29 PM

And GMER...

Attached Files



#7 fenzodahl512

Posted 07 January 2009 - 02:53 AM

C:\WINDOWS\system32\drivers\msqpdxmxfeoitu.sys (Trojan.Agent) -> No action taken.


Why -> No action taken??


Let's do this...

Please make sure you disable ALL of your antivirus/antispyware/firewall programs before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it will produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 hellspark
  • Topic Starter

Posted 07 January 2009 - 01:05 PM

ComboFix 09-01-06.02 - Ben Halsey 2009-01-07 4:00:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.522 [GMT -5:00]
Running from: c:\documents and settings\Ben Halsey\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\BENHAL~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\BENHAL~1\LOCALS~1\Temp\tmp2.tmp
c:\windows\system32\aapqwwuq.ini
c:\windows\system32\aHhOoXyb.ini
c:\windows\system32\AIRtAJlm.ini
c:\windows\system32\allfchps.ini
c:\windows\system32\asruvsxc.ini
c:\windows\system32\avkwuuwt.ini
c:\windows\system32\BIlmlnnn.ini
c:\windows\system32\cJSrsBeg.ini
c:\windows\system32\cJSrsBeg.ini2
c:\windows\system32\jjRrutwa.ini
c:\windows\system32\jqctyx.dll
c:\windows\system32\jrgkejgr.ini
c:\windows\system32\kbeufvdy.ini
c:\windows\system32\kitltxxx.ini
c:\windows\system32\KSvuBcfe.ini
c:\windows\system32\kwwbswil.ini
c:\windows\system32\nfslludr.ini
c:\windows\system32\nutrfrvx.ini
c:\windows\system32\nvpdamfn.ini
c:\windows\system32\oaeqexgk.ini
c:\windows\system32\onXayyxx.ini
c:\windows\system32\otkifwuf.ini
c:\windows\system32\qvcffqir.ini
c:\windows\system32\rjbhrphg.ini
c:\windows\system32\RqXwyyxx.ini
c:\windows\system32\sakdqtbq.ini
c:\windows\system32\skinboxer43.dll
c:\windows\system32\slrzjb.dll
c:\windows\system32\thcabnvn.ini
c:\windows\system32\tuprvser.dll
c:\windows\system32\wumqqhah.dll
c:\windows\system32\xwucjmin.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 18:30 . 2009-01-06 18:30 250 --a------ c:\windows\gmer.ini
2009-01-06 18:28 . 2009-01-06 18:29 <DIR> d-------- C:\rsit
2009-01-06 18:18 . 2009-01-07 04:04 17,396,768 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-06 18:18 . 2009-01-06 18:18 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\documents and settings\Ben Halsey\Application Data\Malwarebytes
2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 23:33 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 23:33 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 03:52 . 2009-01-07 02:49 805 --a------ C:\rollback.ini
2009-01-02 02:38 . 2009-01-02 02:38 <DIR> d-------- c:\documents and settings\Ben Halsey\Application Data\MailFrontier
2009-01-02 01:37 . 2009-01-03 20:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-02 01:37 . 2009-01-02 02:07 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-02 01:36 . 2008-08-21 20:41 72,592 --a------ c:\windows\zllsputility.exe
2009-01-02 01:35 . 2009-01-06 19:41 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-02 01:35 . 2009-01-02 01:35 <DIR> d-------- c:\program files\Zone Labs
2009-01-02 01:35 . 2008-08-21 20:41 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-02 01:35 . 2009-01-06 18:19 349,222 --a------ c:\windows\system32\vsconfig.xml
2009-01-02 01:33 . 2009-01-07 03:51 <DIR> d-------- c:\windows\Internet Logs
2008-12-30 22:46 . 2008-12-30 22:46 <DIR> d-------- c:\program files\Trend Micro
2008-12-30 22:32 . 2008-12-30 22:32 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-28 12:44 . 2008-04-13 20:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-28 12:44 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-28 12:44 . 2008-04-13 14:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-28 12:44 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-20 05:05 . 2007-03-30 19:58 172,032 --a------ c:\windows\system32\igfxres.dll
2008-12-18 22:40 . 2008-12-18 22:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-18 22:16 . 2008-12-18 22:16 <DIR> d-------- c:\program files\YSFLIGHT.COM
2008-12-18 22:04 . 2008-12-18 22:04 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-17 17:40 . 2008-12-17 17:40 <DIR> d-------- C:\WTablet
2008-12-16 23:56 . 2008-12-17 18:02 <DIR> d-------- C:\TOMBRAID
2008-12-16 21:58 . 2008-12-16 21:58 <DIR> d-------- c:\program files\Common Files\Thraex Software
2008-12-16 21:58 . 2008-12-17 03:58 <DIR> d-------- C:\PacSteamT
2008-12-14 19:48 . 2008-12-14 19:52 599 --a------ C:\009.sy1
2008-12-14 19:44 . 2008-12-14 19:47 599 --a------ C:\008.sy1
2008-12-14 19:44 . 2008-12-14 19:53 598 --a------ C:\007.sy1
2008-12-12 22:11 . 2009-01-02 00:11 <DIR> d-------- c:\program files\Steam
2008-12-11 20:31 . 2008-12-11 20:31 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-12-10 00:13 . 2008-12-10 00:13 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-10 00:13 . 2008-12-10 00:13 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-07 20:43 . 2009-01-02 01:24 948 --a------ c:\windows\wininit.ini
2008-12-07 20:05 . 2008-12-07 20:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-07 20:05 . 2008-12-07 21:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 23:19 --------- d-----w c:\documents and settings\Ben Halsey\Application Data\WTablet
2009-01-06 20:16 1,935,360 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-01-06 01:30 1,924,096 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-01-05 09:01 1,920,000 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-01-04 07:02 --------- d-----w c:\documents and settings\Ben Halsey\Application Data\uTorrent
2009-01-02 07:39 56,832 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-12-31 04:55 --------- d-----w c:\program files\DivX
2008-12-31 03:33 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-19 09:45 --------- d-----w c:\program files\Native Instruments
2008-12-19 04:07 --------- d-----w c:\program files\Common Files\Adobe
2008-12-17 06:11 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-12-17 06:11 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-12-17 06:11 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-12-17 04:57 --------- d-----w c:\program files\Glidos
2008-12-02 19:01 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-02 19:01 --------- d--h--r c:\documents and settings\Ben Halsey\Application Data\SecuROM
2008-12-02 06:33 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-02 06:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 06:28 --------- d-----w c:\program files\Electronic Arts
2008-12-01 05:41 --------- d-----w c:\program files\Lavasoft
2008-12-01 00:56 --------- d-----w c:\program files\VDMSound
2008-11-30 06:31 68 ------r C:\RAYMAN.BAT
2008-11-30 06:31 --------- d-----w c:\program files\Rayman
2008-11-30 00:43 --------- d-----w c:\program files\HammerHead
2008-11-29 03:26 --------- d-----w c:\program files\iTunes
2008-11-29 03:26 --------- d-----w c:\program files\iPod
2008-11-29 03:26 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 03:24 --------- d-----w c:\program files\QuickTime
2008-11-29 03:23 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 07:18 --------- d-----w c:\program files\Common Files\Native Instruments
2008-11-25 04:24 --------- d-----w c:\program files\Vstplugins
2008-11-25 04:24 --------- d-----w c:\program files\VirSyn Software Synthesizer
2008-11-23 01:33 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-19 22:04 --------- d-----w c:\program files\LucasArts
2008-11-15 05:12 --------- d-----w c:\program files\SynthEdit
2008-11-11 20:05 --------- d-----w c:\program files\Fox
2008-11-08 04:22 --------- d-----w c:\documents and settings\Ben Halsey\Application Data\gtk-2.0
2008-11-08 02:35 --------- d-----w c:\program files\Rockstar Games
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-08-05 17:40 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-11-04 86016]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8491008]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
"NVHotkey"="nvHotkey.dll" [2007-09-19 c:\windows\system32\nvhotkey.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ msv1_0 schannel wdigest kerberos

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\PacSteamT\\SteamApps\\hellspark66\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Descent3\\main.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\hellspark66\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\hellspark66\\deathmatch classic\\hl.exe"=

R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-08-31 1373480]
R4 TraiHelper;Tomb Raider Advanced Installer Multiprocessor Helper;c:\tombraid\TRAISVCS.EXE [2008-12-16 177152]
S3 adxapie;adxapie;\??\c:\docume~1\BENHAL~1\LOCALS~1\Temp\adxapie.sys --> c:\docume~1\BENHAL~1\LOCALS~1\Temp\adxapie.sys [?]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [2008-06-25 30848]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-06-23 16896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - resycled\boot.com c:
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
BHO-{029CF6CE-92BC-45C5-97C9-6E42EBF48419} - c:\windows\system32\geBsrSJc.dll
BHO-{042733A8-F89F-4C31-86A2-31EBB777EA2D} - (no file)
BHO-{05FEE6A5-BABF-424E-801B-E616D82C8C56} - (no file)
BHO-{12329E7F-FCF1-42A5-90D5-412CFAA0BF54} - (no file)
BHO-{2ABAFDDE-5B13-4979-8F16-2FED30503AC4} - (no file)
BHO-{44781669-B4DE-4029-928F-E78E50DA5DD9} - (no file)
BHO-{4B7EF182-3944-4A08-BE7C-F3E02B4A745E} - (no file)
BHO-{59E502F5-4A0D-42D9-AA84-767CFD11128B} - (no file)
BHO-{823ACDB3-9877-4DEC-8F85-3FDC4F1311D0} - (no file)
BHO-{854B2F8B-9E68-4041-936B-A66619273D29} - (no file)
BHO-{87F12B3F-64B7-4BBC-A5CF-A153799B3A6F} - (no file)
BHO-{8D8136A3-6885-4101-9B7B-68F77ED29B4B} - (no file)
BHO-{AEF55D73-02BC-4ED8-ADA0-F780C1056001} - (no file)
BHO-{B93C20F6-DF63-452D-A035-E99D91096489} - (no file)
BHO-{C58E9BF2-4C11-48BE-A404-6521EF8B5BF3} - (no file)
BHO-{C777409B-C6D8-4CBE-B425-762447F9A4FD} - (no file)
BHO-{DF4A7177-0918-4184-8371-03F8C14477E8} - (no file)
BHO-{E56E8452-5338-4257-A772-7B3480791F00} - (no file)
BHO-{FC9FDAA8-3691-4182-8CF0-389E0079D628} - (no file)
HKLM-Run-c0982344 - c:\windows\system32\mstcmiqa.dll
Notify-AutorunsDisabled - hgGwTnml.dll
Notify-hgGwTnml - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 04:04:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3725260815-3485517607-2614902147-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*P*NULL*O*NULL*R*NULL*E*NULL*"!]
"Order"=hex:08,00,00,00,02,00,00,00,76,02,00,00,01,00,00,00,05,00,00,00,78,00,\
00,00,00,00,00,00,6a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,32,\
00,46,08,00,00,82,39,1b,98,20,00,45,41,48,45,4c,50,7e,31,2e,4c,4e,4b,00,00,\
2e,00,03,00,04,00,ef,be,82,39,1b,98,82,39,15,20,14,00,00,00,45,00,41,00,20,\
00,48,00,65,00,6c,00,70,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,\
0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,78,00,00,00,01,00,00,\
00,6a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,32,00,be,05,00,00,\
82,39,1b,98,20,00,52,45,41,44,4d,45,7e,31,2e,4c,4e,4b,00,00,2e,00,03,00,04,\
00,ef,be,82,39,1b,98,82,39,15,20,14,00,00,00,52,00,65,00,61,00,64,00,20,00,\
4d,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,\
00,00,00,1c,00,00,00,00,00,00,00,00,00,7c,00,00,00,02,00,00,00,6e,00,00,00,\
41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,00,6d,06,00,00,82,39,1b,98,20,\
00,53,50,4f,52,45,43,7e,31,2e,4c,4e,4b,00,00,32,00,03,00,04,00,ef,be,82,39,\
1b,98,82,39,15,20,14,00,00,00,53,00,70,00,6f,00,72,00,65,00,2e,00,63,00,6f,\
00,6d,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
00,00,1c,00,00,00,00,00,00,00,00,00,74,00,00,00,03,00,00,00,66,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,54,00,32,00,58,07,00,00,82,39,1b,98,20,00,\
53,50,4f,52,45,7e,31,2e,4c,4e,4b,00,2c,00,03,00,04,00,ef,be,82,39,1b,98,82,\
39,6a,33,14,00,00,00,53,00,50,00,4f,00,52,00,45,00,22,21,2e,00,6c,00,6e,00,\
6b,00,00,00,1a,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1a,00,00,00,00,00,00,\
00,00,00,8a,00,00,00,04,00,00,00,7c,00,00,00,41,75,67,4d,02,00,00,00,01,00,\
00,00,6a,00,32,00,d3,07,00,00,82,39,1b,98,20,00,55,4e,49,4e,53,54,7e,31,2e,\
4c,4e,4b,00,00,40,00,03,00,04,00,ef,be,82,39,1b,98,82,39,15,20,14,00,00,00,\
55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,53,00,50,00,4f,\
00,52,00,45,00,22,21,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,\
ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-3725260815-3485517607-2614902147-1004\Software\SecuROM\License information*NULL*]
"datasecu"=hex:6c,3b,67,e4,c5,4c,f7,3a,64,8b,5a,2a,78,64,96,28,1b,a4,8d,3f,b9,\
e5,03,2a,61,c9,aa,30,3a,75,2f,9c,b1,1a,ca,24,16,04,b6,75,4d,89,43,09,44,7c,\
ad,79,87,55,12,60,10,e2,a0,8f,e9,d5,c8,f1,c7,ce,73,26,1b,7f,1a,9a,96,51,9b,\
8b,27,96,96,92,39,87,7e,5d,69,12,1b,94,d2,17,37,a9,c9,f2,45,64,6a,6d,59,61,\
97,c6,02,9c,48,e6,9e,e2,f1,1e,13,28,88,b8,bb,43,ff,5a,81,2b,0d,60,e5,02,d2,\
82,25,91,39,08,fb,83,04,de,61,4e,01,c2,6d,ad,1b,5a,39,65,20,94,38,de,5d,cf,\
1c,9a,86,e7,30,0a,6c,ab,7c,83,bf,eb,d2,ef,92,af,36,9c,d1,55,c8,2d,8f,5c,d4,\
18,75,99,99,ca,2a,0a,b3,06,d6,10,c6,7e,db,b5,21,e5,7c,55,96,00,5f,19,79,01,\
64,8e,30,51,dc,d0,fb,c6,49,09,c0,2d,2e,03,e6,7a,68,cf,3c,4f,16,eb,f9,7e,eb,\
d7,25,b2,34,39,50,04,85,e9,18,e0,c3,f7,a9,14,03,28,7a,22,2d,26,93,d6,c7,25,\
84,0e,d3,15,9f,36,8d,9f,a3,ef,7b,aa,6c,6c,f1,14,64,bb,e5,6a,24,6a,fe,ec,00,\
05,4e,14,73,9b,3d,ac,ca,8f,34,8b,59,fa,67,fe,e8,94,8a,6a,f4,2c,9a,05,6e,ac,\
5f,5a,7a,0f,89,98,90,2d,09,9b,e6,e8,a8,33,31,1b,70,de,cd,d2,2d,35,fa,f3,47,\
20,eb,81,1d,0a,14,32,a5,65,63,07,6e,c4,1c,ab,dd,3b,3d,80,95,ae,c8,a0,f7,f2,\
a9,30,6f,c6,df,fd,ff,11,de,1e,a6,ff,9b,1b,6a,14,f5,57,60,90,a7,30,3b,c6,1b,\
dc,da,76,11,23,5c,7c,8b,65,1a,90,40,9d,46,01,77,60,56,fe,da,c2,32,73,65,9c,\
ac,8d,e1,e8,61,71,36,ca,cc,10,52,72,c4,7e,eb,c4,7a,ca,da,99,d2,07,f5,b7,06,\
42,9f,f5,9e,f0,ad,bc,b4,49,b5,79,60,e4,8e,a7,a0,1b,cf,f8,67,1b,d7,f8
"rkeysecu"=hex:b9,01,f2,35,d6,a2,62,24,8e,35,bd,1b,cf,3c,88,5b
.
Completion time: 2009-01-07 4:06:29
ComboFix-quarantined-files.txt 2009-01-07 09:06:26

Pre-Run: 14,234,707,968 bytes free
Post-Run: 14,420,004,864 bytes free

310 --- E O F --- 2008-12-12 01:31:40
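Three items in the ComboFix "Reg Loading Points" section above deserve attention beyond what ComboFix already deleted: the mountpoints2 key for drive C: carries Shell\AutoRun and Shell\Open handlers that run `resycled\boot.com` from the drive root (an autorun.inf was planted on the fixed drive), the `adxapie` driver is registered out of the user's Temp folder and its file is already gone (ComboFix's `[?]` marker), and the Windows Firewall standard profile is off (less alarming here, since ZoneAlarm is installed and third-party firewalls routinely turn it off, but it still belongs in the notes). A useful follow-up is to compare this with the fresh HijackThis log in the next post, where the c0982344 Run value that ComboFix listed under "ORPHANS REMOVED" is back. The script below is an added example written for this thread, not code from the poster or from ComboFix; it walks the key / value lines ComboFix prints and flags those three conditions. The excerpt in SAMPLE_COMBOFIX is copied from the posted log.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread (not the poster's or ComboFix's code). It
tracks the current [registry key] line and flags: drive-root autorun
handlers under mountpoints2, services/drivers whose image is in a Temp
directory or no longer exists, and a disabled Windows Firewall profile.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# mountpoints2 values are printed as "\Shell\<verb>\command - <command>"
SHELL_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")
# service/driver lines: "<start type> <name>;<display name>;<image> [...]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
TEMP_PATH_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def triage_combofix(text: str) -> list:
    """Return {kind, where, detail} dicts in log order."""
    findings = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        key_lower = current_key.lower()
        leaf = current_key.rsplit("\\", 1)[-1]

        m = SHELL_CMD_RE.match(line)
        if m and "mountpoints2" in key_lower:
            # A Shell\AutoRun or Shell\Open handler cached for a fixed drive
            # means an autorun.inf sat on that drive root; here the target is
            # a relative path (resycled\boot.com) on C:.
            findings.append({"kind": "mountpoints2-autorun", "where": leaf,
                             "detail": f"{m.group('verb')}: {m.group('cmd')}"})
            continue

        m = SERVICE_RE.match(line)
        if m:
            image = m.group("image")
            reasons = []
            if TEMP_PATH_RE.search(image):
                reasons.append("image in a Temp directory")
            if image.endswith("[?]"):       # ComboFix's marker for a missing file
                reasons.append("image file missing")
            if reasons:
                findings.append({"kind": "suspicious-service",
                                 "where": m.group("name"),
                                 "detail": "; ".join(reasons)})
            continue

        m = FIREWALL_RE.match(line)
        if m and m.group("val") == "0" and "firewallpolicy" in key_lower:
            findings.append({"kind": "windows-firewall-off", "where": leaf,
                             "detail": line})
    return findings


# Excerpt copied from the ComboFix log above (only the lines this script reads).
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-08-31 1373480]
R4 TraiHelper;Tomb Raider Advanced Installer Multiprocessor Helper;c:\tombraid\TRAISVCS.EXE [2008-12-16 177152]
S3 adxapie;adxapie;\??\c:\docume~1\BENHAL~1\LOCALS~1\Temp\adxapie.sys --> c:\docume~1\BENHAL~1\LOCALS~1\Temp\adxapie.sys [?]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys [2008-06-25 30848]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - resycled\boot.com c:
"""

if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_COMBOFIX):
        print(f"{f['kind']:<22} {f['where']:<16} {f['detail']}")
```

The tablet, Tomb Raider and M-Audio services pass because their images are in normal locations and resolve; only `adxapie` is reported, with both reasons. Legitimate drivers are occasionally loaded from Temp by installers, so the Temp check is a prompt to look, not a verdict.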

#9 hellspark
  • Topic Starter

Posted 07 January 2009 - 01:07 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:52 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\TOMBRAID\TRAISVCS.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {029CF6CE-92BC-45C5-97C9-6E42EBF48419} - (no file)
O2 - BHO: (no name) - {042733A8-F89F-4C31-86A2-31EBB777EA2D} - (no file)
O2 - BHO: (no name) - {05FEE6A5-BABF-424E-801B-E616D82C8C56} - (no file)
O2 - BHO: (no name) - {12329E7F-FCF1-42A5-90D5-412CFAA0BF54} - (no file)
O2 - BHO: (no name) - {2ABAFDDE-5B13-4979-8F16-2FED30503AC4} - (no file)
O2 - BHO: (no name) - {44781669-B4DE-4029-928F-E78E50DA5DD9} - (no file)
O2 - BHO: (no name) - {4B7EF182-3944-4A08-BE7C-F3E02B4A745E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59E502F5-4A0D-42D9-AA84-767CFD11128B} - (no file)
O2 - BHO: (no name) - {823ACDB3-9877-4DEC-8F85-3FDC4F1311D0} - (no file)
O2 - BHO: (no name) - {854B2F8B-9E68-4041-936B-A66619273D29} - (no file)
O2 - BHO: (no name) - {87F12B3F-64B7-4BBC-A5CF-A153799B3A6F} - (no file)
O2 - BHO: (no name) - {8D8136A3-6885-4101-9B7B-68F77ED29B4B} - (no file)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEF55D73-02BC-4ED8-ADA0-F780C1056001} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B93C20F6-DF63-452D-A035-E99D91096489} - (no file)
O2 - BHO: (no name) - {C58E9BF2-4C11-48BE-A404-6521EF8B5BF3} - (no file)
O2 - BHO: (no name) - {C777409B-C6D8-4CBE-B425-762447F9A4FD} - (no file)
O2 - BHO: (no name) - {DF4A7177-0918-4184-8371-03F8C14477E8} - (no file)
O2 - BHO: (no name) - {E56E8452-5338-4257-A772-7B3480791F00} - (no file)
O2 - BHO: (no name) - {FC9FDAA8-3691-4182-8CF0-389E0079D628} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [c0982344] rundll32.exe "C:\WINDOWS\system32\mstcmiqa.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: hgGwTnml - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Tomb Raider Advanced Installer Multiprocessor Helper (TraiHelper) - RatkovicDesign - C:\TOMBRAID\TRAISVCS.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8889 bytes

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 08 January 2009 - 12:18 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 hellspark

hellspark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 08 January 2009 - 05:51 PM

The Eset scan didn't find anything, nor did it save a log file for me. It's running great, thanks so much!

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 09 January 2009 - 08:04 AM

Looks good to me.. Let's run HijackThis once again for my final review before I can wrap this up :thumbsup:



#13 hellspark

hellspark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 10 January 2009 - 08:55 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:32 PM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\M-Audio Fast Track\GBInst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\TOMBRAID\TRAISVCS.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {029CF6CE-92BC-45C5-97C9-6E42EBF48419} - (no file)
O2 - BHO: (no name) - {042733A8-F89F-4C31-86A2-31EBB777EA2D} - (no file)
O2 - BHO: (no name) - {05FEE6A5-BABF-424E-801B-E616D82C8C56} - (no file)
O2 - BHO: (no name) - {12329E7F-FCF1-42A5-90D5-412CFAA0BF54} - (no file)
O2 - BHO: (no name) - {2ABAFDDE-5B13-4979-8F16-2FED30503AC4} - (no file)
O2 - BHO: (no name) - {44781669-B4DE-4029-928F-E78E50DA5DD9} - (no file)
O2 - BHO: (no name) - {4B7EF182-3944-4A08-BE7C-F3E02B4A745E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59E502F5-4A0D-42D9-AA84-767CFD11128B} - (no file)
O2 - BHO: (no name) - {823ACDB3-9877-4DEC-8F85-3FDC4F1311D0} - (no file)
O2 - BHO: (no name) - {854B2F8B-9E68-4041-936B-A66619273D29} - (no file)
O2 - BHO: (no name) - {87F12B3F-64B7-4BBC-A5CF-A153799B3A6F} - (no file)
O2 - BHO: (no name) - {8D8136A3-6885-4101-9B7B-68F77ED29B4B} - (no file)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AEF55D73-02BC-4ED8-ADA0-F780C1056001} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B93C20F6-DF63-452D-A035-E99D91096489} - (no file)
O2 - BHO: (no name) - {C58E9BF2-4C11-48BE-A404-6521EF8B5BF3} - (no file)
O2 - BHO: (no name) - {C777409B-C6D8-4CBE-B425-762447F9A4FD} - (no file)
O2 - BHO: (no name) - {DF4A7177-0918-4184-8371-03F8C14477E8} - (no file)
O2 - BHO: (no name) - {E56E8452-5338-4257-A772-7B3480791F00} - (no file)
O2 - BHO: (no name) - {FC9FDAA8-3691-4182-8CF0-389E0079D628} - (no file)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [c0982344] rundll32.exe "C:\WINDOWS\system32\mstcmiqa.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: hgGwTnml - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fast Track Installer (FastTrackInstallerService) - Nemesis - C:\Program Files\M-Audio Fast Track\GBInst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Tomb Raider Advanced Installer Multiprocessor Helper (TraiHelper) - RatkovicDesign - C:\TOMBRAID\TRAISVCS.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9617 bytes

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 11 January 2009 - 12:27 AM

Nope, you aren't clean yet..


IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {029CF6CE-92BC-45C5-97C9-6E42EBF48419} - (no file)
O2 - BHO: (no name) - {042733A8-F89F-4C31-86A2-31EBB777EA2D} - (no file)
O2 - BHO: (no name) - {05FEE6A5-BABF-424E-801B-E616D82C8C56} - (no file)
O2 - BHO: (no name) - {12329E7F-FCF1-42A5-90D5-412CFAA0BF54} - (no file)
O2 - BHO: (no name) - {2ABAFDDE-5B13-4979-8F16-2FED30503AC4} - (no file)
O2 - BHO: (no name) - {44781669-B4DE-4029-928F-E78E50DA5DD9} - (no file)
O2 - BHO: (no name) - {4B7EF182-3944-4A08-BE7C-F3E02B4A745E} - (no file)
O2 - BHO: (no name) - {59E502F5-4A0D-42D9-AA84-767CFD11128B} - (no file)
O2 - BHO: (no name) - {823ACDB3-9877-4DEC-8F85-3FDC4F1311D0} - (no file)
O2 - BHO: (no name) - {854B2F8B-9E68-4041-936B-A66619273D29} - (no file)
O2 - BHO: (no name) - {87F12B3F-64B7-4BBC-A5CF-A153799B3A6F} - (no file)
O2 - BHO: (no name) - {8D8136A3-6885-4101-9B7B-68F77ED29B4B} - (no file)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - (no file)
O2 - BHO: (no name) - {AEF55D73-02BC-4ED8-ADA0-F780C1056001} - (no file)
O2 - BHO: (no name) - {B93C20F6-DF63-452D-A035-E99D91096489} - (no file)
O2 - BHO: (no name) - {C58E9BF2-4C11-48BE-A404-6521EF8B5BF3} - (no file)
O2 - BHO: (no name) - {C777409B-C6D8-4CBE-B425-762447F9A4FD} - (no file)
O2 - BHO: (no name) - {DF4A7177-0918-4184-8371-03F8C14477E8} - (no file)
O2 - BHO: (no name) - {E56E8452-5338-4257-A772-7B3480791F00} - (no file)
O2 - BHO: (no name) - {FC9FDAA8-3691-4182-8CF0-389E0079D628} - (no file)
O4 - HKLM\..\Run: [c0982344] rundll32.exe "C:\WINDOWS\system32\mstcmiqa.dll",b
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: hgGwTnml - C:\WINDOWS\


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



Run RSIT once again and post the log here :thumbsup:



#15 hellspark

hellspark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 13 January 2009 - 12:34 AM

After uninstalling Adaware and Spybot, I ran Hijackthis and fixed the entries like you said, but a Spybot window appeared afterwards, and I had to click "Allow Change" for each entry that was deleted. Does this mean Spybot interfered? Here is the rsit log...



