Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Major infection It seems like


  • This topic is locked This topic is locked
18 replies to this topic

#1 nighttrain20

nighttrain20

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 19 March 2009 - 03:06 PM

Attached File  DDS.txt   10.64KB   21 downloadsAbout 5 days ago my computer screen flashed a couple of times, it went black, and the computer rebooted. I thought it was a power surge...but I was wrong. Since then
I cannot stop getting these svc host error pop ups.
can not access my outlook express to get mail
every malware program I try to get, either it won't let me d/l it or If I does...it will not run
Mcaffee will not update and it says my computer in not fully protected
Microsoft updates will not work
when ever I try to search on Internet explorer..I redirects me to another site mostly seems to be related to google
I d/l google browser and at least the pop ups have svc errors have slowed down.

I have attached the DDS file and the Attach file.

I sure hope you can help me out folks.

Thank you for your time, I will await your response.

Tony

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:55 PM

Posted 19 March 2009 - 04:56 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 nighttrain20

nighttrain20
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 19 March 2009 - 05:22 PM

I did what you said but after a while it stops scanning and I get an "otlinstl2"dialog box saying Win32 error. Code: 1500. The event log file is corrupted. I tryed it 3 times and got the same error.

Awaiting instruction

Tony

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:55 PM

Posted 19 March 2009 - 05:35 PM

Let's try a different tool.

Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 nighttrain20

nighttrain20
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 19 March 2009 - 05:40 PM

Here you go Sam,

Awaiting instruction

Tony


Logfile of random's system information tool 1.05 (written by random/random)
Run by Dad's Computer at 2009-03-19 18:36:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 89 GB (60%) free of 149 GB
Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:59 PM, on 03/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dad's Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Dad's Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dad's Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dad's Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dad's Computer\My Documents\Downloads\OTListIt2.exe
C:\Documents and Settings\Dad's Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dad's Computer\My Documents\Downloads\RSIT.exe
C:\Documents and Settings\Dad's Computer\My Documents\Downloads\Dad's Computer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://2uid.info
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O14 "\\MINE\Printer" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dad's Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spybot - Search & Destroy] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Dad's Computer\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\Dad's Computer\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E302F157-A890-4B6F-A421-839D25055D6D} (NLSysInfo Control) - http://www.novalogic.com/pub/NLSysInfo.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EF0D07E-D05E-42E3-8EA3-BBDEB55374E4}: NameServer = 85.255.112.152,85.255.112.158
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.152,85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.152,85.255.112.158
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.152,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.152,85.255.112.158
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10131 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1469528180-1414648073-3814679842-1006.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-11-16 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-18 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX500"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE [2003-06-01 99840]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-03-08 337216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX500"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE [2003-06-01 99840]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=C:\Documents and Settings\Dad's Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-16 133104]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 3948032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2003-10-13 1732608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-11-16 127035]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Link\Core.exe [2007-02-19 2875392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1200128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-06-29 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2006-01-19 11776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-20 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE [2003-02-25 77887]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealPlayer\realplay.exe [2007-09-15 208941]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-09-15 208941]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-06-30 1388544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe [2005-06-03 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-09-15 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe [2007-11-25 735824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboHddUsb]
C:\Program Files\TurboHddUsb\TurboHddUsb.exe [2008-12-15 3327488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinService32]
ssmon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ADOBEA~1.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-12 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2005-11-08 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
C:\PROGRA~1\ArcSoft\TOTALM~1\UBBMON~1.EXE [2008-02-19 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad's Computer^Start Menu^Programs^Startup^Morpheus.lnk]
C:\PROGRA~1\Morpheus\Morpheus.exe -min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad's Computer^Start Menu^Programs^Startup^Registration .LNK]
E:\Support\Register\RegistrationReminder.exe -d 802230 -l english -r 7 -g -c us -i []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad's Computer^Start Menu^Programs^Startup^Sid Registration.lnk]
E:\ATR1.exe /remind /language=ENU /PRNM=Sid/PRMP=PIRS/SKUN=PCXX/GTYP=STRY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dad's Computer^Start Menu^Programs^Startup^Sins of a Solar Empire Launcher.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2
"PnkBstrA"=2
"ose"=3
"MDM"=2
"Macromedia Licensing Service"=3
"IDriverT"=3
"IAANTMon"=2
"gusvc"=2
"DSBrokerService"=3
"Coar160"=3
"AresChatServer"=3
"AdobeVersionCue"=3
"Adobe LM Service"=3
"AcrSch2Svc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE"="C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE:*:Enabled:Files and Settings Transfer Wizard"
"C:\WINDOWS\SYSTEM32\DPVSETUP.EXE"="C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\SYSTEM32\RUNDLL32.EXE"="C:\WINDOWS\SYSTEM32\RUNDLL32.EXE:*:Enabled:Run a DLL as an App"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe:*:Enabled:Jointops"
"C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\UPDATE.EXE"="C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\UPDATE.EXE:*:Enabled:UPDATE"
"C:\Program Files\Call of Duty\CoDUOMP.exe"="C:\Program Files\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE"="C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE"="C:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE:*:Enabled:UPDATE"
"C:\Program Files\NovaLogic\Delta Force Black Hawk Down\DFBHD.EXE"="C:\Program Files\NovaLogic\Delta Force Black Hawk Down\DFBHD.EXE:*:Enabled:DFBHD"
"\\mine\Cute FTP\CuteFTP\CUTFTP32.EXE"="\\mine\Cute FTP\CuteFTP\CUTFTP32.EXE:*:Enabled:CUTFTP32.EXE"
"C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe"="C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album 5 Application"
"C:\Filetopia3\Filetopia.exe"="C:\Filetopia3\Filetopia.exe:*:Disabled:Filetopia"
"C:\Program Files\NAIC Club Accounting 2\jre\bin\java.exe"="C:\Program Files\NAIC Club Accounting 2\jre\bin\java.exe:*:Enabled:java"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142 Demo\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Program Files\TRADITION SOFTWARE\PreLien2Lien\prelien2lien.exe"="C:\Program Files\TRADITION SOFTWARE\PreLien2Lien\prelien2lien.exe:*:Enabled:PreLien2Lien"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\SYSTEM32\PnkBstrA.exe"="C:\WINDOWS\SYSTEM32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\SYSTEM32\PnkBstrB.exe"="C:\WINDOWS\SYSTEM32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-03-19 18:36:43 ----DC---- C:\rsit
2009-03-16 19:11:59 ----D---- C:\Program Files\Panda Security
2009-03-16 18:47:35 ----D---- C:\Documents and Settings\Dad's Computer\Application Data\WinPatrol
2009-03-16 18:47:26 ----D---- C:\Program Files\BillP Studios
2009-03-16 18:44:29 ----DC---- C:\!KillBox
2009-03-16 17:59:56 ----AC---- C:\lcl.txt
2009-03-16 17:27:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-16 17:03:03 ----DC---- C:\Temp
2009-03-15 10:33:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-15 10:29:04 ----DC---- C:\Avenger
2009-03-15 10:24:57 ----D---- C:\Program Files\Trojan Remover
2009-03-15 10:24:57 ----D---- C:\Documents and Settings\Dad's Computer\Application Data\Simply Super Software
2009-03-15 10:24:57 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-03-15 10:24:57 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-03-15 10:24:57 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-03-15 10:24:57 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-03-15 10:24:57 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-03-15 10:24:57 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-03-14 10:26:19 ----D---- C:\Program Files\SpyZooka
2009-03-14 10:26:11 ----D---- C:\Program Files\Common Files\Download Manager
2009-03-14 09:09:02 ----D---- C:\Program Files\CCleaner
2009-03-14 08:22:51 ----AC---- C:\avenger.txt
2009-03-14 08:15:29 ----A---- C:\WINDOWS\owuaqvyt.txt
2009-03-14 07:24:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-11 15:35:10 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-03-11 15:35:08 ----D---- C:\Program Files\Registry Mechanic
2009-03-07 11:45:00 ----A---- C:\WINDOWS\DosHlpLnk.ini
2009-03-07 11:43:48 ----A---- C:\WINDOWS\LottoBuster.ini
2009-03-07 11:24:19 ----DC---- C:\Lotto Buster
2009-02-21 18:20:46 ----AC---- C:\AuResult.ini
2009-02-21 11:23:38 ----AC---- C:\AILog.txt
2009-02-21 10:47:35 ----D---- C:\Program Files\Microsoft Games
2009-02-21 10:40:47 ----D---- C:\Documents and Settings\All Users\Application Data\Links 2003

======List of files/folders modified in the last 1 months======

2009-03-19 18:16:23 ----D---- C:\WINDOWS\Temp
2009-03-19 17:39:05 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-19 17:37:47 ----D---- C:\WINDOWS\system32\DRIVERS
2009-03-19 16:50:38 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-03-16 21:05:11 ----D---- C:\WINDOWS\Prefetch
2009-03-16 19:37:46 ----D---- C:\WINDOWS
2009-03-16 19:11:59 ----HD---- C:\WINDOWS\INF
2009-03-16 19:11:59 ----D---- C:\Program Files
2009-03-16 19:11:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-16 19:11:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-16 18:27:35 ----SD---- C:\WINDOWS\Tasks
2009-03-16 17:42:00 ----RASHC---- C:\BOOT.INI
2009-03-16 17:42:00 ----A---- C:\WINDOWS\WIN.INI
2009-03-16 17:42:00 ----A---- C:\WINDOWS\SYSTEM.INI
2009-03-16 17:36:12 ----D---- C:\My Music
2009-03-16 17:27:11 ----D---- C:\DELL
2009-03-16 16:46:36 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-03-15 10:29:04 ----D---- C:\WINDOWS\SYSTEM32
2009-03-14 18:22:31 ----D---- C:\WINDOWS\system32\LogFiles
2009-03-14 18:19:19 ----SHD---- C:\WINDOWS\Installer
2009-03-14 18:19:18 ----D---- C:\Config.Msi
2009-03-14 18:17:47 ----D---- C:\Program Files\DNA
2009-03-14 18:16:51 ----D---- C:\Program Files\Quest@Home
2009-03-14 18:15:25 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2009-03-14 10:26:11 ----D---- C:\Program Files\Common Files
2009-03-14 09:13:16 ----D---- C:\WINDOWS\Minidump
2009-03-14 09:13:16 ----D---- C:\WINDOWS\Debug
2009-03-11 14:44:49 ----D---- C:\Documents and Settings
2009-03-10 16:34:02 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-10 15:18:39 ----D---- C:\Program Files\Morpheus
2009-03-09 15:22:18 ----SHD---- C:\RECYCLER
2009-02-25 04:22:35 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-02-24 16:05:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-21 18:15:27 ----D---- C:\WINDOWS\Help
2009-02-21 10:47:39 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FNETURPX;FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [2008-12-15 7040]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 cnmpar21;C; \??\C:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon SELPHY DS810 Installer\Inst2\cnmpar21.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-11-16 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-11-16 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-11-16 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-11-16 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-11-16 86554]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-11-16 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-11-16 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-11-16 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-11-16 100603]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 axvbusx;axvbusx; C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 8384]
R3 axvscsi;axvscsi; C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 100256]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys []
S3 ac41c12m;ac41c12m; C:\WINDOWS\system32\drivers\ac41c12m.sys []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FNETTBOH;FNETTBOH; C:\WINDOWS\System32\drivers\FNETTBOH.SYS [2008-12-15 17792]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\system32\drivers\Pcouffin.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2007-12-31 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2008-12-08 25600]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\drivers\wanatw.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 EPSON_PM_RPCV2_01;EPSON V3 Service2(03); C:\WINDOWS\system32\E_S00RP1.EXE [2002-06-30 62464]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-03-14 68096]
S4 AdobeVersionCue;AdobeVersionCue; C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe [2003-10-13 61440]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-18 168432]
S4 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 73852]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-01-25 69632]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-10-29 144576]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-15 66872]
S4 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

-----------------EOF-----------------

Attached Files

  • Attached File  info.txt   32.55KB   17 downloads
  • Attached File  log.txt   43.05KB   6 downloads

Edited by Buckeye_Sam, 19 March 2009 - 05:46 PM.


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:55 PM

Posted 19 March 2009 - 05:50 PM

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.


=================


Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 nighttrain20

nighttrain20
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 19 March 2009 - 05:59 PM

Ok Sam,

I've sent the log...( looks empty to me)

I've tried several times to d/l malwarebytes and It will install on my computer but it will not run.

Attached Files



#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:55 PM

Posted 20 March 2009 - 08:59 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 nighttrain20

nighttrain20
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 20 March 2009 - 01:45 PM

File log is attached

Awaiting instructions


ComboFix 09-03-19.02 - Dad's Computer 2009-03-20 14:27:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.662 [GMT -4:00]
Running from: c:\documents and settings\Dad's Computer\My Documents\Downloads\ComboFix (2).exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Sysmnt
c:\program files\Sysmnt\help.chm
c:\program files\Sysmnt\license.txt
c:\program files\Sysmnt\unins000.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\patch.exe
c:\windows\SNMPAPI.DLL
c:\windows\sv.ini
c:\windows\system32\a.exe
c:\windows\system32\drivers\gaopdxnfhvkumxuhpvqqhnocorrboevabvnhtw.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxkewnwhhjsnnmltlxqrdxvcmoraopcrdw.dll
c:\windows\system32\ijl11pro.dll
c:\windows\system32\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Legacy_FAD


((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-20 14:22 . 2009-03-20 14:22 <DIR> d----c--- C:\32788R22FWJFW
2009-03-19 18:36 . 2009-03-19 18:37 <DIR> d----c--- C:\rsit
2009-03-16 19:12 . 2008-06-19 16:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys
2009-03-16 19:11 . 2009-03-16 19:11 <DIR> d-------- c:\program files\Panda Security
2009-03-16 18:47 . 2009-03-16 18:47 <DIR> d-------- c:\program files\BillP Studios
2009-03-16 18:47 . 2009-03-16 18:47 <DIR> d-------- c:\documents and settings\Dad's Computer\Application Data\WinPatrol
2009-03-16 18:44 . 2009-03-16 18:44 <DIR> d----c--- C:\!KillBox
2009-03-16 17:03 . 2009-03-16 17:04 <DIR> d----c--- C:\Temp
2009-03-15 10:33 . 2009-03-19 17:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 10:33 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-15 10:33 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-15 10:24 . 2009-03-16 17:35 <DIR> d-------- c:\program files\Trojan Remover
2009-03-15 10:24 . 2009-03-15 10:24 <DIR> d-------- c:\documents and settings\Dad's Computer\Application Data\Simply Super Software
2009-03-15 10:24 . 2009-03-15 10:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-03-15 10:24 . 2006-05-25 14:52 162,304 --a------ c:\windows\SYSTEM32\ztvunrar36.dll
2009-03-15 10:24 . 2003-02-02 19:06 153,088 --a------ c:\windows\SYSTEM32\UNRAR3.dll
2009-03-15 10:24 . 2005-08-26 00:50 77,312 --a------ c:\windows\SYSTEM32\ztvunace26.dll
2009-03-15 10:24 . 2002-03-06 00:00 75,264 --a------ c:\windows\SYSTEM32\unacev2.dll
2009-03-15 10:24 . 2006-06-19 12:01 69,632 --a------ c:\windows\SYSTEM32\ztvcabinet.dll
2009-03-14 18:48 . 2009-03-14 18:48 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\pkkqj.sys
2009-03-14 10:37 . 2009-03-14 10:37 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\tkyhlec.sys
2009-03-14 10:37 . 2009-03-14 10:37 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\tkyhlec(2).sys
2009-03-14 10:37 . 2009-03-14 10:37 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\nepmxel.sys
2009-03-14 10:37 . 2009-03-14 10:37 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\nepmxel(2).sys
2009-03-14 10:37 . 2009-03-14 10:37 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\iezi.sys
2009-03-14 10:37 . 2009-03-14 10:37 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\iezi(2).sys
2009-03-14 10:37 . 2009-03-14 10:37 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\djdgg.sys
2009-03-14 10:37 . 2009-03-14 10:37 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\djdgg(2).sys
2009-03-14 10:26 . 2009-03-14 17:58 <DIR> d-------- c:\program files\SpyZooka
2009-03-14 10:26 . 2009-03-14 10:26 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-03-14 09:09 . 2009-03-14 09:09 <DIR> d-------- c:\program files\CCleaner
2009-03-14 08:19 . 2009-03-14 08:19 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\agvoxx.sys
2009-03-14 08:19 . 2009-03-14 08:19 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\agvoxx(2).sys
2009-03-14 08:15 . 2009-03-14 08:15 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\amvk.sys
2009-03-14 07:24 . 2009-03-14 07:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-11 16:05 . 2009-03-11 16:05 2,524 --a--c--- C:\autorun.PNF
2009-03-11 14:44 . 2005-01-14 02:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-03-11 14:44 . 2005-01-14 02:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-03-11 14:44 . 2009-03-11 14:44 <DIR> d-------- c:\documents and settings\Administrator
2009-03-07 11:45 . 2009-03-16 16:56 74 --a------ c:\windows\DosHlpLnk.ini
2009-03-07 11:43 . 2009-03-16 16:56 2,754 --a------ c:\windows\LottoBuster.ini
2009-03-07 11:24 . 2009-03-16 16:56 <DIR> d----c--- C:\Lotto Buster
2009-02-21 18:20 . 2009-02-21 18:20 11 --a--c--- C:\AuResult.ini
2009-02-21 10:47 . 2009-02-21 10:47 <DIR> d-------- c:\program files\Microsoft Games
2009-02-21 10:40 . 2009-02-21 10:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Links 2003

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 21:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-16 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-14 22:17 --------- d-----w c:\program files\DNA
2009-03-14 22:16 --------- d-----w c:\program files\Quest@Home
2009-03-14 22:15 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-03-10 19:18 --------- d-----w c:\program files\Morpheus
2009-02-19 18:37 --------- d-----w c:\documents and settings\Dad's Computer\Application Data\Auslogics
2009-02-19 18:36 --------- d-----w c:\program files\Auslogics
2009-02-13 19:05 --------- d-----w c:\program files\UltimateBet
2009-02-10 17:53 --------- d-----w c:\documents and settings\Dad's Computer\Application Data\AdobeUM
2009-02-01 17:09 --------- d-----w c:\documents and settings\Dad's Computer\Application Data\SmartDraw
2009-01-26 17:06 --------- d-----w c:\program files\Aladdins Palace
2009-01-26 16:36 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-09 19:55 105,912 -c--a-w c:\documents and settings\Dad's Computer\Application Data\GDIPFONTCACHEV1.DAT
2008-12-15 20:25 22,328 ----a-w c:\documents and settings\Dad's Computer\Application Data\PnkBstrK.sys
2008-12-08 19:14 92,064 ----a-w c:\documents and settings\Dad's Computer\mqdmmdm.sys
2008-12-08 19:14 9,232 ----a-w c:\documents and settings\Dad's Computer\mqdmmdfl.sys
2008-12-08 19:14 79,328 ----a-w c:\documents and settings\Dad's Computer\mqdmserd.sys
2008-12-08 19:14 66,656 ----a-w c:\documents and settings\Dad's Computer\mqdmbus.sys
2008-12-08 19:14 6,208 ----a-w c:\documents and settings\Dad's Computer\mqdmcmnt.sys
2008-12-08 19:14 5,936 ----a-w c:\documents and settings\Dad's Computer\mqdmwhnt.sys
2008-12-08 19:14 4,048 ----a-w c:\documents and settings\Dad's Computer\mqdmcr.sys
2008-12-08 19:14 25,600 ----a-w c:\documents and settings\Dad's Computer\usbsermptxp.sys
2008-12-08 19:14 22,768 ----a-w c:\documents and settings\Dad's Computer\usbsermpt.sys
2002-04-16 15:27 5 --sha-w c:\windows\SYSTEM32\CdI5T.drv
2008-09-05 21:22 32,768 -csha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090520080906\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-01 99840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-01 99840]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-03-08 337216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk]
backup=c:\windows\pss\Pervasive.SQL Workgroup Engine.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dad's Computer^Start Menu^Programs^Startup^Morpheus.lnk]
backup=c:\windows\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dad's Computer^Start Menu^Programs^Startup^Registration .LNK]
backup=c:\windows\pss\Registration .LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dad's Computer^Start Menu^Programs^Startup^Sid Registration.lnk]
backup=c:\windows\pss\Sid Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dad's Computer^Start Menu^Programs^Startup^Sins of a Solar Empire Launcher.lnk]
backup=c:\windows\pss\Sins of a Solar Empire Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinService32]
ssmon [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2006-10-23 02:48 40048 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
--a--c--- 2003-10-13 17:24 1732608 c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-11-16 01:05 127035 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2004-10-12 18:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-02-19 14:39 2875392 c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-03-16 18:27 133104 c:\documents and settings\Dad's Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 20:44 1200128 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2004-06-29 11:23 135168 c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 22:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2006-01-19 12:06 11776 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 14:33 13574144 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 14:33 86016 c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-20 21:18 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
--a------ 2003-02-25 20:27 77887 c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
--a------ 2007-09-15 16:27 208941 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-09-15 16:27 208941 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 17:41 2828184 c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-06-30 15:33 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot - Search & Destroy]
--a------ 2004-05-12 02:03 3948032 c:\program files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-06-03 03:52 36975 c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-15 16:27 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2007-11-25 13:33 735824 c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboHddUsb]
--a------ 2008-12-15 15:15 3327488 c:\program files\TurboHddUsb\TurboHddUsb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 03:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 14:33 1630208 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)
"gusvc"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Coar160"=3 (0x3)
"AresChatServer"=3 (0x3)
"AdobeVersionCue"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"AcrSch2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
"\\\\mine\\Cute FTP\\CuteFTP\\CUTFTP32.EXE"=
"c:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
"c:\\Filetopia3\\Filetopia.exe"=
"c:\\Program Files\\NAIC Club Accounting 2\\jre\\bin\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5000:TCP"= 5000:TCP:AresChatServer

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2009-03-16 28544]
R1 FNETURPX;FNETURPX;c:\windows\SYSTEM32\DRIVERS\FNETURPX.SYS [2008-12-15 7040]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R3 axvbusx;axvbusx;c:\windows\SYSTEM32\DRIVERS\axvbusx.sys [2003-01-31 8384]
R3 axvscsi;axvscsi;c:\windows\SYSTEM32\DRIVERS\axvscsi.sys [2003-01-31 100256]
S0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [2005-01-30 17792]
S3 FNETTBOH;FNETTBOH;c:\windows\SYSTEM32\DRIVERS\FNETTBOH.SYS [2008-12-15 17792]
S4 Coar160;Coar160; [x]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1469528180-1414648073-3814679842-1006.job
- c:\documents and settings\Dad's Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-16 18:27]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-TrueImageMonitor - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Dad's Computer\Start Menu\Programs\UltimateBet\UltimateBet.lnk
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {E302F157-A890-4B6F-A421-839D25055D6D} - hxxp://www.novalogic.com/pub/NLSysInfo.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 14:35:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1469528180-1414648073-3814679842-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e9,9e,46,e1,3b,7b,35,93,b6,71,2e,a7,ab,4c,2c,c6,cd,8a,97,a7,73,5f,c8,
32,ea,3b,ac,26,df,3c,12,ea,91,80,26,4c,fb,b8,ab,1c,11,b3,d6,b2,47,d7,8f,fd,\
"??"=hex:16,d7,d1,e0,b0,77,ec,e1,fa,f2,b0,3a,3d,81,3f,17

[HKEY_USERS\S-1-5-21-1469528180-1414648073-3814679842-1006\Software\SecuROM\License information*]
"datasecu"=hex:a1,a9,f6,2c,b9,df,c7,98,9e,73,83,3c,97,05,16,5a,44,0b,b2,65,89,
6c,0a,29,a7,a5,54,fc,06,dd,67,ac,1c,8f,a7,33,9a,14,45,97,50,bd,78,1e,8b,09,\
"rkeysecu"=hex:3c,42,92,f0,9b,39,b0,c6,c0,0f,a0,e4,e6,61,98,6f
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\SYSTEM32\locator.exe
.
**************************************************************************
.
Completion time: 2009-03-20 14:39:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-20 18:39:13

Pre-Run: 93,287,272,448 bytes free
Post-Run: 93,207,289,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
346 --- E O F --- 2009-03-03 19:54:31

Attached Files


Edited by Buckeye_Sam, 20 March 2009 - 02:53 PM.


#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:55 PM

Posted 20 March 2009 - 03:03 PM

Please visit the online Jotti Virus Scanner
  • Click on Posted Image button.
  • Copy and paste the following filepath in the box:


    c:\windows\SYSTEM32\DRIVERS\amvk.sys


  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html


Is your computer behaving any differently now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 nighttrain20

nighttrain20
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 20 March 2009 - 03:10 PM

I am doing that right now Sam,

I was able to get Malwarebytes to work and it is sanning right now...13 infections so far. I will forward the malwarebytes log shortly. here's the Jotti results............

Service load:
0% 100%
File: amvk.sys
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 589312a3b46721c5a751e4d5222a89be
Packers detected:
-


Scanner results
Scan taken on 20 Mar 2009 20:05:45 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found Malware.W32.Agent.fu
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found W32/Renos.CNZ
Panda Antivirus
Found Rootkit/Agent.LNB
Quick Heal
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Powered by

Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

Sponsored by HotelScraper.com.

Statistics
Last file scanned at least one scanner reported something about: Bank_Modifier.exe (MD5: 2bea2059e697ba2eb65ee5c42a2c9046, size: 371235 bytes), detected by:

Scanner Malware name
A-Squared Generic.Win32.Virtools-Hacktools!IK
AntiVir TR/Virtl.7354
ArcaVir Trojan.Keylogger.Hatkeys.M04.A2
Avast X
AVG Antivirus Hook.O
BitDefender Virtool.7354
ClamAV Trojan.W32.HotKeysHook.A
CPsecure X
Dr.Web Tool.GameCrack
F-Prot Antivirus X
F-Secure Anti-Virus X
Ikarus Generic.Win32.Virtools-Hacktools
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Quick Heal X
Sophos Antivirus X
VirusBuster X
VBA32 X


You are free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.


Tony

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:55 PM

Posted 20 March 2009 - 03:20 PM

Good, good. Once the malwarebytes scan completes post that log along with a new log from Combofix.
We'll see what's left and take it from there.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 nighttrain20

nighttrain20
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 20 March 2009 - 03:51 PM

Sam,

Here are the 2 log you requested....

My computer is running much more smoothly!!!! No more error messages....I can access IE now with out being redirected....and I can access my e-mail with a problem.

Am I cured????????

If you would....Please fill me in on what we did. Was it a particular malware or virus?
also form what you have been looking at...Is there anything you see that puts me at risk of this happening again?

Not sure how this problem got on my computer.

Awaiting you response,

Tony

Attached Files



#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:55 PM

Posted 20 March 2009 - 04:21 PM

Combofix helped out a lot by removing the main infection that was preventing malwarebytes and others from running. But we are not done yet. You've still got a few files left that need to be removed.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

File::
c:\windows\SYSTEM32\DRIVERS\agvoxx.sys
c:\windows\SYSTEM32\DRIVERS\agvoxx(2).sys
c:\windows\SYSTEM32\DRIVERS\amvk.sys
c:\windows\SYSTEM32\DRIVERS\pkkqj.sys
c:\windows\SYSTEM32\DRIVERS\tkyhlec.sys
c:\windows\SYSTEM32\DRIVERS\tkyhlec(2).sys
c:\windows\SYSTEM32\DRIVERS\nepmxel.sys
c:\windows\SYSTEM32\DRIVERS\nepmxel(2).sys
c:\windows\SYSTEM32\DRIVERS\iezi.sys
c:\windows\SYSTEM32\DRIVERS\iezi(2).sys
c:\windows\SYSTEM32\DRIVERS\djdgg.sys
c:\windows\SYSTEM32\DRIVERS\djdgg(2).sys
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


=================


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 nighttrain20

nighttrain20
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 20 March 2009 - 04:46 PM

Sam,

Here's the latest log from combofix

I installed the latest version of Java

Awaiting instructions.

Tony

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users