Infected With The Trojan Horse Lop.as


This topic is locked
17 replies to this topic

#1 pitpal86

Posted 03 January 2007 - 11:20 AM

AVG keeps catching this Trojan. I've run scan after scan and it still pops up. Help!?


Logfile of HijackThis v1.99.1
Scan saved at 10:16:27 AM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeri...nction=LMonitor
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8D5CED9F-53D5-4AF2-BCAD-601790EDB3B9} - C:\WINDOWS\system32\awtrpnk.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162943386515
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtrpnk - C:\WINDOWS\SYSTEM32\awtrpnk.dll
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

#2 rookie147

Posted 03 January 2007 - 11:31 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Charles

Edited by rookie147, 03 January 2007 - 11:31 AM.

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 rookie147

Posted 03 January 2007 - 12:35 PM

Hey pitpal86, sorry for the delay.
Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Make a list of all the programs installed on your computer:
Open HijackThis
Click the Config... button, then go to the Misc Tools section.
Press Open Uninstall Manager. You'll see a list of programs.
Select Save List... - save it to your Desktop.
The file "uninstall_list.txt" will be created.
Copy and paste the contents of this file to your next reply.

Please post me back the VundoFix report, a new HijackThis log, and the uninstall list.
Thanks,
Charles



#4 pitpal86

  • Topic Starter

Posted 03 January 2007 - 11:45 PM

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.9

Scan started at 10:33:09 PM 1/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\winbjv32.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\winbjv32.dll
C:\WINDOWS\system32\winbjv32.dll Has been deleted!

Performing Repairs to the registry.
Done!


µTorrent
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 8
AIM 6.0
Alcohol 120% (Trial Version)
American McGee's Alice™
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HydraVision
AVG Anti-Spyware 7.5
AVG Free Edition
Battlecraft Vietnam
Battlefield Mod Development Toolkit 2.5
Battlefield Vietnam™
Battlefield Vietnam: WW2 Mod
BFV Command and Control Server Manager - BFVCC
BioWare Premium Module: Neverwinter Nights™ Kingmaker
Byteswarm LiveUpdate 2.1.0.3
City of Villains/City of Heroes (remove only)
Combined Community Codec Pack 2006-07-28 (Remove Only)
Command & Conquer Renegade
Dawn of War - Dark Crusade
Dawn Of War - Winter Assault
DawnOfWar
Dungeon Lords
FEAR
Foxit Reader
Freedom Force
GameSpy Arcade
Google Video Player
Half-Life® 2
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IGN Download Manager 2.3.3
iTunes
IZArc 3.6
J2SE Runtime Environment 5.0 Update 9
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (1.5.0.9)
MSI Live Update 3
MSN
MSN Messenger 7.5
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
myTunes Redux 1.0
Neverwinter Nights
OpenOffice.org 2.0
PowerDVD
PunkBuster for Battlefield Vietnam
Quake 4™
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Return to Castle Wolfenstein
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
SimCity 4
Spybot - Search & Destroy 1.4
Star Wars Empire at War
Star Wars Galactic Battlegrounds
Star Wars Galactic Battlegrounds: Clone Campaigns
Star Wars® Knights of the Old Republic® II: The Sith Lords™
Star Wars®: Knights of the Old Republic ™
Steam™
StyleXP (remove only)
Sunbelt Kerio Personal Firewall
Temple of Elemental Evil
The Sims 2
The Sims 2 Nightlife
The Sims 2 Pets
The Sims 2 University
Trillian
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Vampire - The Masquerade Bloodlines
Ventrilo Client
Viewpoint Media Player
Warhammer Mark of Chaos
Westwood Shared Internet Components
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WordWeb
World of Warcraft
Xfire (remove only)


Logfile of HijackThis v1.99.1
Scan saved at 10:42:30 PM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeri...nction=LMonitor
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8D5CED9F-53D5-4AF2-BCAD-601790EDB3B9} - C:\WINDOWS\system32\awtrpnk.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162943386515
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtrpnk - C:\WINDOWS\SYSTEM32\awtrpnk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

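The indicators the helper acts on are visible in both logs pitpal86 posted: a Browser Helper Object that HijackThis cannot name (O2 "(no name)") and Winlogon Notify packages (O20) backed by random-named DLLs in system32, with awtrpnk.dll carrying both. The Python script below is an added example, not part of this thread or of HijackThis: it parses the O-lines of constructed excerpts of the two logs, flags that pairing, and diffs the logs to show that the first VundoFix run removed only winbjv32.dll. It assumes the HijackThis 1.99.1 line layout shown above; the "locked by winlogon.exe" note reflects that Winlogon Notify DLLs are loaded into winlogon.exe at logon, so they cannot be deleted from a running session.

```python
"""Triage helper for HijackThis-style logs (added example, not a BleepingComputer tool)."""
import os
import re
from dataclasses import dataclass

# Constructed excerpts of the two HijackThis logs posted in this thread:
# the first scan, and the scan taken after the first VundoFix run.
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8D5CED9F-53D5-4AF2-BCAD-601790EDB3B9} - C:\WINDOWS\system32\awtrpnk.dll
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O20 - Winlogon Notify: awtrpnk - C:\WINDOWS\SYSTEM32\awtrpnk.dll
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""
# VundoFix deleted winbjv32.dll, so only that O20 line is gone from the second log.
LOG_AFTER = "\n".join(line for line in LOG_BEFORE.splitlines() if "winbjv32" not in line)

# Every HijackThis finding is "<section> - <body>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section, e.g. "O2" or "O20"
    kind: str     # text before the colon, e.g. "BHO" or "Winlogon Notify"
    label: str    # name HijackThis resolved for the item, e.g. "(no name)"
    path: str     # last " - " field, normally the file backing the entry

    @property
    def filename(self) -> str:
        return os.path.basename(self.path.replace("\\", "/")).lower()


def parse_log(text: str) -> list[Entry]:
    """Parse the R/O finding lines of a HijackThis log; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank line or running-process path
        fields = [f.strip() for f in m.group("body").split(" - ")]
        kind, _, label = fields[0].partition(":")
        path = fields[-1].replace("(file missing)", "").strip().strip('"')
        entries.append(Entry(m.group("section"), kind.strip(), label.strip(), path))
    return entries


def in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def flag_vundo_indicators(entries: list[Entry]) -> dict[str, set[str]]:
    """Map each suspicious DLL filename to the reasons it was flagged.

    Vundo-family logs show a BHO HijackThis cannot name (O2 "(no name)") and a
    Winlogon Notify package (O20), both backed by a DLL dropped into system32;
    one DLL showing both traits is the pairing seen with awtrpnk.dll here.
    """
    findings: dict[str, set[str]] = {}
    for e in entries:
        if not in_system_dir(e.path):
            continue
        if e.section == "O2" and e.label == "(no name)":
            findings.setdefault(e.filename, set()).add("nameless_bho")
        elif e.section == "O20":
            findings.setdefault(e.filename, set()).add("winlogon_notify")
    return findings


def diff_logs(before: str, after: str) -> tuple[set[str], set[str]]:
    """Return (removed, added) finding lines, compared case-insensitively."""
    def keyed(text: str) -> dict[str, str]:
        lines = (ln.strip() for ln in text.splitlines())
        return {ln.lower(): ln for ln in lines if ENTRY_RE.match(ln)}
    b, a = keyed(before), keyed(after)
    removed = {b[k] for k in b.keys() - a.keys()}
    added = {a[k] for k in a.keys() - b.keys()}
    return removed, added


def report(before: str, after: str) -> list[str]:
    """Summarise what a cleanup pass changed and what still needs attention."""
    removed, added = diff_logs(before, after)
    out = [f"removed: {ln}" for ln in sorted(removed)] + [f"added:   {ln}" for ln in sorted(added)]
    for name, reasons in sorted(flag_vundo_indicators(parse_log(after)).items()):
        # A Winlogon Notify DLL is loaded into winlogon.exe at logon, so it is
        # locked for the whole session; removal tools delete it during a reboot.
        lock = " (locked by winlogon.exe while Windows runs)" if "winlogon_notify" in reasons else ""
        out.append(f"still present: {name} [{', '.join(sorted(reasons))}]{lock}")
    return out


if __name__ == "__main__":
    print("\n".join(report(LOG_BEFORE, LOG_AFTER)))
```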
#5 pitpal86

  • Topic Starter

Posted 05 January 2007 - 04:18 AM

I guess I should have added that I'm still getting the same threat warning from AVG.

#6 rookie147

Posted 05 January 2007 - 09:58 AM

Hey pitpal
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click "Scan for Vundo" button.
Once the scan is complete, right-click inside the listbox (white box) and click "Add More Files".
Copy and paste the entries below into the top boxes (no arrows):

--> C:\WINDOWS\SYSTEM32\awtrpnk.dll

Click "Add Files" and click "Close Window".
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your Desktop will go blank as it starts removing Vundo - this is normal.
When completed, it will prompt that it will shut down your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt in your next reply, along with a new HijackThis log.
Thanks,
Charles



#7 pitpal86

  • Topic Starter

Posted 05 January 2007 - 10:33 AM

Here are the latest logs.

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.9

Scan started at 8:59:03 AM 1/5/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\awtrpnk.dll
C:\WINDOWS\SYSTEM32\awtrpnk.dll Could not be deleted.

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 9:31:10 AM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Greg\Desktop\VundoFix.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeri...nction=LMonitor
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8D5CED9F-53D5-4AF2-BCAD-601790EDB3B9} - C:\WINDOWS\system32\awtrpnk.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162943386515
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

#8 rookie147

Posted 05 January 2007 - 06:23 PM

Hey pitpal86,
Download Combofix to your Desktop (important!)
Go to Start | Run then copy and paste the following:
"%userprofile%\desktop\combofix.exe" /v awtrpnk.dll
Press OK
When finished, it should produce a log, combofix.txt, post that in your next reply.

Post me back the ComboFix log and a new HijackThis log.
Thanks,
Charles



#9 pitpal86

  • Topic Starter

Posted 08 January 2007 - 01:13 AM

Here are the new logs.

Greg - 07-01-07 23:57:38.01 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Greg\desktop"
Command switches used :: /v awtrpnk.dll

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{3853C424-08A3-1033-0712-060628060001}


((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))


2007-01-03 22:33 <DIR> d-------- C:\VundoFix Backups
2007-01-03 10:08 <DIR> d-------- C:\Program Files\HijackThis
2007-01-03 10:04 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-03 10:03 <DIR> d-------- C:\Documents and Settings\Greg\.housecall6.6
2007-01-03 09:43 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-03 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-01-03 09:42 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-03 09:42 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\Lavasoft
2007-01-02 04:02 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-02 04:02 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-02 03:19 22,541 --------- C:\WINDOWS\system32\awtrpnk.dll
2007-01-02 03:19 <DIR> dr-h----- C:\$VAULT$.AVG
2006-12-31 22:42 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\U3
2006-12-28 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2006-12-28 01:52 <DIR> d-------- C:\Program Files\Google
2006-12-26 20:29 <DIR> d-------- C:\Program Files\Dreamcatcher
2006-12-26 11:21 2,241,024 --a------ C:\WINDOWS\system32\kernel1.exe
2006-12-26 09:00 <DIR> d-------- C:\Program Files\TGTSoft
2006-12-26 08:39 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-12-26 08:39 <DIR> d-------- C:\Program Files\VVSN
2006-12-26 08:38 <DIR> d-------- C:\Program Files\Logon Loader
2006-12-21 21:37 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\acccore
2006-12-21 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-21 21:24 <DIR> d-------- C:\Program Files\Viewpoint
2006-12-21 21:24 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-12-21 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-12-21 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-12-21 21:23 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-12-21 21:23 <DIR> d-------- C:\Program Files\AIM6
2006-12-21 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2006-12-18 19:04 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-18 19:04 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-12-18 19:04 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-18 19:04 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-18 19:04 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-18 19:04 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-18 19:04 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-18 19:04 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-18 19:03 74,240 --a------ C:\WINDOWS\system\CamExO20.dll
2006-12-18 19:03 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-12-18 19:03 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2006-12-18 19:03 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2006-12-18 19:03 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2006-12-18 19:03 314,752 --a------ C:\WINDOWS\system32\drivers\CamDrO21.sys
2006-12-18 19:03 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2006-12-18 19:03 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2006-12-18 18:56 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\Ventrilo
2006-12-18 18:55 <DIR> d-------- C:\Program Files\Ventrilo
2006-12-18 18:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-17 16:53 <DIR> d-------- C:\Program Files\META
2006-12-15 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-12-13 19:51 <DIR> d-------- C:\Program Files\City of Heroes


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-07 23:58 -------- d-------- C:\Program Files\Common Files
2007-01-07 23:57 -------- d-------- C:\Documents and Settings\Greg\Application Data\MSN6
2007-01-07 23:55 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-03 02:30 -------- d-------- C:\Documents and Settings\Greg\Application Data\AVG7
2007-01-02 04:02 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-02 04:02 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-02 04:02 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-02 04:02 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-02 02:59 -------- d-------- C:\Documents and Settings\Greg\Application Data\uTorrent
2007-01-02 02:10 -------- d-------- C:\Documents and Settings\Greg\Application Data\OpenOffice.org2
2006-12-29 02:38 86 --ahs---- C:\Documents and Settings\Greg\Application Data\desktop.ini
2006-12-28 23:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-22 19:34 -------- d-------- C:\Program Files\World of Warcraft
2006-12-21 21:37 -------- d-------- C:\Program Files\Trillian
2006-12-21 21:23 -------- d-------- C:\Documents and Settings\Greg\Application Data\Mozilla
2006-12-15 09:55 -------- d---s---- C:\Documents and Settings\Greg\Application Data\Microsoft
2006-12-15 08:53 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-15 08:53 -------- d-------- C:\Documents and Settings\Greg\Application Data\Adobe
2006-12-15 08:52 -------- d-------- C:\Program Files\Adobe
2006-12-14 21:07 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 21:07 -------- d-------- C:\Program Files\Common Files\System
2006-12-04 00:34 -------- d-------- C:\Program Files\Windows Media Player
2006-12-04 00:34 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-12-03 02:50 -------- d-------- C:\Documents and Settings\Greg\Application Data\IGN_DLM
2006-12-03 01:51 -------- d-------- C:\Program Files\id Software
2006-12-03 00:30 -------- d-------- C:\Program Files\Winamp
2006-12-02 00:12 -------- d-------- C:\Program Files\NeverwinterNights
2006-11-30 11:59 -------- d-------- C:\Program Files\Maxis
2006-11-23 04:23 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-23 04:01 -------- d-------- C:\Program Files\NAMCO BANDAI Games
2006-11-22 11:14 -------- d---s---- C:\Program Files\Xfire
2006-11-22 11:14 -------- d-------- C:\Documents and Settings\Greg\Application Data\Xfire
2006-11-22 11:09 -------- d-------- C:\Program Files\THQ
2006-11-22 11:06 -------- d-------- C:\Documents and Settings\Greg\Application Data\InstallShield
2006-11-21 20:08 -------- d-------- C:\Documents and Settings\Greg\Application Data\MSNInstaller
2006-11-21 12:47 -------- d-------- C:\Program Files\MSN
2006-11-21 12:35 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-21 12:30 -------- d-------- C:\Program Files\Design Science
2006-11-21 09:54 -------- d-------- C:\Documents and Settings\Greg\Application Data\Help
2006-11-20 18:47 -------- d-------- C:\Program Files\ATI Technologies
2006-11-20 10:31 -------- d-------- C:\Program Files\GameSpy Arcade
2006-11-20 10:30 -------- d-------- C:\Program Files\IGN
2006-11-20 02:42 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-19 16:51 -------- d-------- C:\Program Files\Sierra
2006-11-13 00:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-11-13 00:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-11-13 00:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-13 00:02 116736 --------- C:\WINDOWS\system32\aaclient.dll
2006-11-12 17:10 -------- d-------- C:\Program Files\EA GAMES
2006-11-12 00:43 -------- d-------- C:\Documents and Settings\Greg\Application Data\Sun
2006-11-12 00:42 -------- d-------- C:\Program Files\uTorrent
2006-11-11 23:25 -------- d-------- C:\Program Files\Call of Duty
2006-11-11 20:28 -------- d-------- C:\Program Files\Warcraft III
2006-11-11 16:52 -------- d-------- C:\Program Files\Return to Castle Wolfenstein
2006-11-11 03:04 -------- d-------- C:\Program Files\Westwood
2006-11-11 02:36 -------- d-------- C:\Program Files\LucasArts
2006-11-11 00:33 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-10 22:52 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-11-10 13:24 -------- d-------- C:\Program Files\Irrational Games
2006-11-10 13:09 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-10 13:07 -------- d-------- C:\Program Files\Microsoft Games
2006-11-10 13:04 -------- d-------- C:\Program Files\Byteswarm
2006-11-10 13:03 737280 --a------ C:\WINDOWS\iun6002.exe
2006-11-10 12:59 -------- d-------- C:\Program Files\BFVCC Server Manager
2006-11-09 18:39 -------- d-------- C:\Documents and Settings\Greg\Application Data\Leadertech
2006-11-09 18:34 -------- d-------- C:\Program Files\Atari
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 20:17 -------- d-------- C:\Documents and Settings\Greg\Application Data\Apple Computer
2006-11-07 19:19 -------- d-------- C:\Program Files\MSN Messenger
2006-11-07 17:53 -------- d-------- C:\Program Files\IZArc
2006-11-07 17:51 -------- d-------- C:\Program Files\Valve
2006-11-07 12:03 -------- d-------- C:\Program Files\MSI
2006-11-07 11:57 -------- d-------- C:\Program Files\Sandboxie
2006-11-07 11:51 -------- d-------- C:\Documents and Settings\Greg\Application Data\Sandbox
2006-11-07 11:47 -------- d-------- C:\Program Files\Internet Explorer
2006-11-07 05:17 -------- d-------- C:\Program Files\WordWeb
2006-11-07 05:16 -------- d-------- C:\Program Files\Foxit Software
2006-11-07 03:47 -------- d-------- C:\Program Files\Activision
2006-11-07 03:03 -------- d-------- C:\Program Files\Messenger
2006-11-07 03:03 -------- d-------- C:\Documents and Settings\Greg\Application Data\Petroglyph
2006-11-07 03:01 -------- d-------- C:\Documents and Settings\Greg\Application Data\LucasArts
2006-11-07 02:13 -------- d-------- C:\Program Files\QuickTime
2006-11-07 02:13 -------- d-------- C:\Program Files\iTunes
2006-11-07 02:13 -------- d-------- C:\Program Files\iPod
2006-11-07 02:12 -------- d-------- C:\Program Files\Apple Software Update
2006-11-07 02:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-07 02:04 -------- d-------- C:\Documents and Settings\Greg\Application Data\Real
2006-11-07 02:02 -------- d-------- C:\Program Files\Real
2006-11-07 02:02 -------- d-------- C:\Program Files\Common Files\xing shared
2006-11-07 02:02 -------- d-------- C:\Program Files\Common Files\Real
2006-11-07 01:23 -------- d-------- C:\Program Files\Java
2006-11-07 01:22 -------- d-------- C:\Program Files\Common Files\Java
2006-11-07 00:48 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-07 00:48 -------- d-------- C:\Program Files\Common Files\ODBC
2006-11-06 17:39 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-06 17:39 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-06 17:07 0 -rahs---- C:\MSDOS.SYS
2006-11-06 17:07 0 -rahs---- C:\IO.SYS
2006-11-06 17:07 0 --a------ C:\CONFIG.SYS
2006-11-06 17:07 0 --a------ C:\AUTOEXEC.BAT
2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\RmActivate_isv.exe
2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\RmActivate.exe
2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\SecProc_isv.dll
2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\SecProc.dll
2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\RmActivate_ssp.exe
2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp_isv.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-10-11 19:47 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-10-11 19:44 260608 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-10-11 19:38 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-10-11 19:38 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-10-11 19:38 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-10-11 19:38 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-10-11 19:38 106496 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-10-11 19:37 430080 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-10-11 19:36 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-10-11 19:31 2518336 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-10-11 19:26 1092960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-10-11 19:22 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-10-11 19:22 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-10-11 19:20 5148672 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-10-11 19:15 221184 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-10-11 19:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-10-11 19:10 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-10-11 10:35 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 10:35 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 10:35 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 10:35 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 10:35 115712 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 10:35 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-10-11 10:07 110592 --a------ C:\WINDOWS\system32\msnphoto.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"=""
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Alcmtr"="ALCMTR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"VVSN"="C:\\Program Files\\VVSN\\VVSN.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{8D5CED9F-53D5-4AF2-BCAD-601790EDB3B9}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\CoreCenter.lnk"
"backup"="C:\\WINDOWS\\pss\\CoreCenter.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\CORECE~1\\CORECE~1.EXE "
"item"="CoreCenter"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureDoc.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SecureDoc.lnk"
"backup"="C:\\WINDOWS\\pss\\SecureDoc.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\SECURE~1\\Logon.exe "
"item"="SecureDoc"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Greg^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
"path"="C:\\Documents and Settings\\Greg\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Greg^Start Menu^Programs^Startup^WordWeb.lnk]
"path"="C:\\Documents and Settings\\Greg\\Start Menu\\Programs\\Startup\\WordWeb.lnk"
"backup"="C:\\WINDOWS\\pss\\WordWeb.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\WordWeb\\wweb32.exe "
"item"="WordWeb"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLM"
"hkey"="HKCU"
"command"="C:\\Program Files\\IGN\\Download Manager\\DLM.exe /windowsstart /startifwork"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="regsvr32 /s mqrt"
"hkey"="HKLM"
"command"="regsvr32 /s mqrt.dll"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-07 23:59:58.64
C:\ComboFix.txt ... 07-01-07 23:59


Logfile of HijackThis v1.99.1
Scan saved at 12:11:08 AM, on 1/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeri...nction=LMonitor
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8D5CED9F-53D5-4AF2-BCAD-601790EDB3B9} - C:\WINDOWS\system32\awtrpnk.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162943386515
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

#10 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:10:09 AM

Posted 08 January 2007 - 12:24 PM

Go to Start | Run, then copy and paste the following:
"%userprofile%\desktop\combofix.exe" /v awtrpnk
Press OK.
When finished, it should produce a log, combofix.txt; post that in your next reply.

Post me back the ComboFix log and a new HijackThis log.
Thanks,
Charles

Edited by rookie147, 08 January 2007 - 12:25 PM.

If you are pleased with the service I have offered, you may like to consider making a donation.


#11 pitpal86

pitpal86
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:09 AM

Posted 08 January 2007 - 12:32 PM

Greg - 07-01-08 11:25:53.42 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Greg\desktop"
Command switches used :: /v awtrpnk

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtrpnk.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))


2007-01-03 22:33 <DIR> d-------- C:\VundoFix Backups
2007-01-03 10:08 <DIR> d-------- C:\Program Files\HijackThis
2007-01-03 10:04 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-03 10:03 <DIR> d-------- C:\Documents and Settings\Greg\.housecall6.6
2007-01-03 09:43 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-03 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-01-03 09:42 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-03 09:42 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\Lavasoft
2007-01-02 04:02 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-02 04:02 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-02 03:19 <DIR> dr-h----- C:\$VAULT$.AVG
2006-12-31 22:42 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\U3
2006-12-28 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2006-12-28 01:52 <DIR> d-------- C:\Program Files\Google
2006-12-26 20:29 <DIR> d-------- C:\Program Files\Dreamcatcher
2006-12-26 11:21 2,241,024 --a------ C:\WINDOWS\system32\kernel1.exe
2006-12-26 09:00 <DIR> d-------- C:\Program Files\TGTSoft
2006-12-26 08:39 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-12-26 08:39 <DIR> d-------- C:\Program Files\VVSN
2006-12-26 08:38 <DIR> d-------- C:\Program Files\Logon Loader
2006-12-21 21:37 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\acccore
2006-12-21 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-21 21:24 <DIR> d-------- C:\Program Files\Viewpoint
2006-12-21 21:24 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-12-21 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-12-21 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-12-21 21:23 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-12-21 21:23 <DIR> d-------- C:\Program Files\AIM6
2006-12-21 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2006-12-18 19:04 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-12-18 19:04 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-12-18 19:04 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-12-18 19:04 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-12-18 19:04 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-12-18 19:04 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-12-18 19:04 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-12-18 19:04 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-12-18 19:03 74,240 --a------ C:\WINDOWS\system\CamExO20.dll
2006-12-18 19:03 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-12-18 19:03 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2006-12-18 19:03 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2006-12-18 19:03 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2006-12-18 19:03 314,752 --a------ C:\WINDOWS\system32\drivers\CamDrO21.sys
2006-12-18 19:03 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2006-12-18 19:03 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2006-12-18 18:56 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\Ventrilo
2006-12-18 18:55 <DIR> d-------- C:\Program Files\Ventrilo
2006-12-18 18:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-17 16:53 <DIR> d-------- C:\Program Files\META
2006-12-15 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-12-13 19:51 <DIR> d-------- C:\Program Files\City of Heroes


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-08 10:58 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-07 23:58 -------- d-------- C:\Program Files\Common Files
2007-01-07 23:57 -------- d-------- C:\Documents and Settings\Greg\Application Data\MSN6
2007-01-03 02:30 -------- d-------- C:\Documents and Settings\Greg\Application Data\AVG7
2007-01-02 04:02 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-02 04:02 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-02 04:02 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-02 04:02 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-02 02:59 -------- d-------- C:\Documents and Settings\Greg\Application Data\uTorrent
2007-01-02 02:10 -------- d-------- C:\Documents and Settings\Greg\Application Data\OpenOffice.org2
2006-12-29 02:38 86 --ahs---- C:\Documents and Settings\Greg\Application Data\desktop.ini
2006-12-28 23:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-22 19:34 -------- d-------- C:\Program Files\World of Warcraft
2006-12-21 21:37 -------- d-------- C:\Program Files\Trillian
2006-12-21 21:23 -------- d-------- C:\Documents and Settings\Greg\Application Data\Mozilla
2006-12-15 09:55 -------- d---s---- C:\Documents and Settings\Greg\Application Data\Microsoft
2006-12-15 08:53 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-15 08:53 -------- d-------- C:\Documents and Settings\Greg\Application Data\Adobe
2006-12-15 08:52 -------- d-------- C:\Program Files\Adobe
2006-12-14 21:07 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 21:07 -------- d-------- C:\Program Files\Common Files\System
2006-12-04 00:34 -------- d-------- C:\Program Files\Windows Media Player
2006-12-04 00:34 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-12-03 02:50 -------- d-------- C:\Documents and Settings\Greg\Application Data\IGN_DLM
2006-12-03 01:51 -------- d-------- C:\Program Files\id Software
2006-12-03 00:30 -------- d-------- C:\Program Files\Winamp
2006-12-02 00:12 -------- d-------- C:\Program Files\NeverwinterNights
2006-11-30 11:59 -------- d-------- C:\Program Files\Maxis
2006-11-23 04:23 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-23 04:01 -------- d-------- C:\Program Files\NAMCO BANDAI Games
2006-11-22 11:14 -------- d---s---- C:\Program Files\Xfire
2006-11-22 11:14 -------- d-------- C:\Documents and Settings\Greg\Application Data\Xfire
2006-11-22 11:09 -------- d-------- C:\Program Files\THQ
2006-11-22 11:06 -------- d-------- C:\Documents and Settings\Greg\Application Data\InstallShield
2006-11-21 20:08 -------- d-------- C:\Documents and Settings\Greg\Application Data\MSNInstaller
2006-11-21 12:47 -------- d-------- C:\Program Files\MSN
2006-11-21 12:35 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-21 12:30 -------- d-------- C:\Program Files\Design Science
2006-11-21 09:54 -------- d-------- C:\Documents and Settings\Greg\Application Data\Help
2006-11-20 18:47 -------- d-------- C:\Program Files\ATI Technologies
2006-11-20 10:31 -------- d-------- C:\Program Files\GameSpy Arcade
2006-11-20 10:30 -------- d-------- C:\Program Files\IGN
2006-11-20 02:42 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-19 16:51 -------- d-------- C:\Program Files\Sierra
2006-11-13 00:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-11-13 00:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-11-13 00:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-13 00:02 116736 --------- C:\WINDOWS\system32\aaclient.dll
2006-11-12 17:10 -------- d-------- C:\Program Files\EA GAMES
2006-11-12 00:43 -------- d-------- C:\Documents and Settings\Greg\Application Data\Sun
2006-11-12 00:42 -------- d-------- C:\Program Files\uTorrent
2006-11-11 23:25 -------- d-------- C:\Program Files\Call of Duty
2006-11-11 20:28 -------- d-------- C:\Program Files\Warcraft III
2006-11-11 16:52 -------- d-------- C:\Program Files\Return to Castle Wolfenstein
2006-11-11 03:04 -------- d-------- C:\Program Files\Westwood
2006-11-11 02:36 -------- d-------- C:\Program Files\LucasArts
2006-11-11 00:33 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-10 22:52 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-11-10 13:24 -------- d-------- C:\Program Files\Irrational Games
2006-11-10 13:09 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-10 13:07 -------- d-------- C:\Program Files\Microsoft Games
2006-11-10 13:04 -------- d-------- C:\Program Files\Byteswarm
2006-11-10 13:03 737280 --a------ C:\WINDOWS\iun6002.exe
2006-11-10 12:59 -------- d-------- C:\Program Files\BFVCC Server Manager
2006-11-09 18:39 -------- d-------- C:\Documents and Settings\Greg\Application Data\Leadertech
2006-11-09 18:34 -------- d-------- C:\Program Files\Atari
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 20:17 -------- d-------- C:\Documents and Settings\Greg\Application Data\Apple Computer
2006-11-07 19:19 -------- d-------- C:\Program Files\MSN Messenger
2006-11-07 17:53 -------- d-------- C:\Program Files\IZArc
2006-11-07 17:51 -------- d-------- C:\Program Files\Valve
2006-11-07 12:03 -------- d-------- C:\Program Files\MSI
2006-11-07 11:57 -------- d-------- C:\Program Files\Sandboxie
2006-11-07 11:51 -------- d-------- C:\Documents and Settings\Greg\Application Data\Sandbox
2006-11-07 11:47 -------- d-------- C:\Program Files\Internet Explorer
2006-11-07 05:17 -------- d-------- C:\Program Files\WordWeb
2006-11-07 05:16 -------- d-------- C:\Program Files\Foxit Software
2006-11-07 03:47 -------- d-------- C:\Program Files\Activision
2006-11-07 03:03 -------- d-------- C:\Program Files\Messenger
2006-11-07 03:03 -------- d-------- C:\Documents and Settings\Greg\Application Data\Petroglyph
2006-11-07 03:01 -------- d-------- C:\Documents and Settings\Greg\Application Data\LucasArts
2006-11-07 02:13 -------- d-------- C:\Program Files\QuickTime
2006-11-07 02:13 -------- d-------- C:\Program Files\iTunes
2006-11-07 02:13 -------- d-------- C:\Program Files\iPod
2006-11-07 02:12 -------- d-------- C:\Program Files\Apple Software Update
2006-11-07 02:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-07 02:04 -------- d-------- C:\Documents and Settings\Greg\Application Data\Real
2006-11-07 02:02 -------- d-------- C:\Program Files\Real
2006-11-07 02:02 -------- d-------- C:\Program Files\Common Files\xing shared
2006-11-07 02:02 -------- d-------- C:\Program Files\Common Files\Real
2006-11-07 01:23 -------- d-------- C:\Program Files\Java
2006-11-07 01:22 -------- d-------- C:\Program Files\Common Files\Java
2006-11-07 00:48 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-07 00:48 -------- d-------- C:\Program Files\Common Files\ODBC
2006-11-06 17:39 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-06 17:39 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-06 17:07 0 -rahs---- C:\MSDOS.SYS
2006-11-06 17:07 0 -rahs---- C:\IO.SYS
2006-11-06 17:07 0 --a------ C:\CONFIG.SYS
2006-11-06 17:07 0 --a------ C:\AUTOEXEC.BAT
2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\RmActivate_isv.exe
2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\RmActivate.exe
2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\SecProc_isv.dll
2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\SecProc.dll
2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\RmActivate_ssp.exe
2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp_isv.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\SecProc_ssp.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 06:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 06:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-10-11 19:47 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-10-11 19:44 260608 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-10-11 19:38 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-10-11 19:38 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-10-11 19:38 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-10-11 19:38 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-10-11 19:38 106496 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-10-11 19:37 430080 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-10-11 19:36 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-10-11 19:31 2518336 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-10-11 19:26 1092960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-10-11 19:22 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-10-11 19:22 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-10-11 19:20 5148672 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-10-11 19:15 221184 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-10-11 19:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-10-11 19:10 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-10-11 10:35 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 10:35 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 10:35 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 10:35 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 10:35 115712 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 10:35 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-10-11 10:07 110592 --a------ C:\WINDOWS\system32\msnphoto.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"=""
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Alcmtr"="ALCMTR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"VVSN"="C:\\Program Files\\VVSN\\VVSN.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\CoreCenter.lnk"
"backup"="C:\\WINDOWS\\pss\\CoreCenter.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\CORECE~1\\CORECE~1.EXE "
"item"="CoreCenter"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureDoc.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SecureDoc.lnk"
"backup"="C:\\WINDOWS\\pss\\SecureDoc.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\SECURE~1\\Logon.exe "
"item"="SecureDoc"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Greg^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
"path"="C:\\Documents and Settings\\Greg\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Greg^Start Menu^Programs^Startup^WordWeb.lnk]
"path"="C:\\Documents and Settings\\Greg\\Start Menu\\Programs\\Startup\\WordWeb.lnk"
"backup"="C:\\WINDOWS\\pss\\WordWeb.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\WordWeb\\wweb32.exe "
"item"="WordWeb"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLM"
"hkey"="HKCU"
"command"="C:\\Program Files\\IGN\\Download Manager\\DLM.exe /windowsstart /startifwork"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="regsvr32 /s mqrt"
"hkey"="HKLM"
"command"="regsvr32 /s mqrt.dll"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-08 11:29:46.85
C:\ComboFix.txt ... 07-01-08 11:29
C:\ComboFix2.txt ... 07-01-07 23:59


Logfile of HijackThis v1.99.1
Scan saved at 11:30:54 AM, on 1/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeri...nction=LMonitor
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162943386515
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

#12 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 09 January 2007 - 12:37 PM

Hey pitpal,
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):
µTorrent
You are using peer-to-peer programs.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/
Viewpoint Media Player
I see you have Viewpoint installed:
Viewpoint Manager is considered to be foistware rather than malware, since it is installed without your approval but doesn't actually spy or do anything "bad". This will soon change, according to this article, which you may want to read: http://www.clickz.com/news/article.php/3561546
I recommend that you remove the Viewpoint products. If you do decide to get rid of it, please remove all references to Viewpoint.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Now, please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following folder (if present):

C:\Program Files\VVSN <--Folder

Delete these folders if you removed Viewpoint and µTorrent respectively:

C:\Program Files\Viewpoint <--Folder
C:\Program Files\µTorrent <--Folder

======

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

Backup the Registry:

Navigate to Start | Run and paste the following:

regedit /e c:\registrybackup.reg

Now click OK
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VVSN"=-

Save this as fix.reg (choose to save as *all files) and place it on your Desktop.
It should look like this: [image]
Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

Reboot into Normal Mode.

Please download the Suspicious File Packer from here:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop but do not run it.
Paste the following bold part into the Suspicious File Packer window:
C:\WINDOWS\system32\kernel1.exe
C:\WINDOWS\system32\sporder.dll

Allow SFP to pack the file. This will generate a CAB archive on your desktop.
Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to the second field and browse to the CAB archive that was created on your desktop.
The cab file will be called requested-files[*].cab (the * stands for the date and hour).
Then click the Send File button below.
Please let me know when you have submitted the files.

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

Post me back a new HijackThis log, along with the Panda report. Also let me know when you've uploaded the files.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.

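The fix above boils down to comparing the O4 (autostart) entries of one HijackThis log against the next and confirming that the flagged item is gone. The following is an added example, not part of the thread and not a tool the helper used: a small Python script that parses O4 lines out of two log excerpts (the lines are copied from the 1/8 log in this thread, with the second excerpt constructed as the expected post-fix state), reports which autostart entries disappeared between scans, and separately flags entries whose command is a bare file name with no path, since those are resolved through the search path and deserve a second look during triage. All function and constant names are this example's own.

```python
"""Added example: diff the O4 autostart entries of two HijackThis logs.

Not part of the thread; the log excerpts are copied from the thread's
1/8 log, and AFTER_LOG is a constructed version with the VVSN item fixed.
"""
import re
from dataclasses import dataclass

# Matches lines such as:
#   O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]*)\] (?P<command>.*)$'
)

# Constructed sample: O4 lines from the thread's 1/8 log plus one non-O4 line
# to show that other sections are ignored by the parser.
BEFORE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Constructed sample: the same machine after "Fix Checked" removed VVSN.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""


@dataclass(frozen=True)
class AutostartEntry:
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line stored in the value


def parse_o4_entries(log_text):
    """Return the O4 autostart entries found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(AutostartEntry(**m.groupdict()))
    return entries


def removed_entries(before_log, after_log):
    """Entries present in the first scan but absent from the second."""
    after = set(parse_o4_entries(after_log))
    return [e for e in parse_o4_entries(before_log) if e not in after]


def executable_of(command):
    """Extract the program part of a Run value (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def bare_filename_entries(log_text):
    """Entries whose program has no directory, so it is found via PATH search."""
    return [e for e in parse_o4_entries(log_text)
            if "\\" not in executable_of(e.command) and "/" not in executable_of(e.command)]


if __name__ == "__main__":
    for e in removed_entries(BEFORE_LOG, AFTER_LOG):
        print(f"removed: {e.hive}\\..\\{e.key} [{e.name}] {e.command}")
    for e in bare_filename_entries(AFTER_LOG):
        print(f"path-less autostart worth checking: [{e.name}] {e.command}")
```

Run it as a script to print the removed entry (VVSN) and the path-less one (Alcmtr); in practice you would read the two logs from files instead of the inline constants.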

#13 pitpal86

pitpal86
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 09 January 2007 - 09:16 PM

I sent the files and here are the new logs.


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\awtrpnk.dll.bad
Adware:Adware/Maxifiles Not disinfected C:\VundoFix Backups\winbjv32.dll.bad



Logfile of HijackThis v1.99.1
Scan saved at 8:13:51 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeri...nction=LMonitor
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162943386515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

#14 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 10 January 2007 - 10:32 AM

Let me take a look at those two files, and I'll get back to you as soon as I can :thumbsup:

If you are pleased with the service I have offered, you may like to consider making a donation.


#15 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:09 AM

Posted 12 January 2007 - 04:00 PM

Hey pitpal,
Those files you uploaded are clean :thumbsup:

You can delete this folder now:
C:\VundoFix Backups

We need to purge your infected System Restore points; some malware may be hiding there, and if you decide to roll your computer back to an earlier stage, your infections will resurface.
So, we need to delete all your old Restore Points and create a new one you can use if needed (and you won't be infected again). Follow the instructions found here to disable System Restore:
http://www.bleepingcomputer.com/tutorials/...56.html#disable
Then after rebooting, follow these instructions to re-enable it and create a new, clean, Restore Point:
http://www.bleepingcomputer.com/tutorials/...l56.html#enable

Let me know in your next post how things seem to be running now.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
