
Hijackthis Log: Please Help Diagnose


  • This topic is locked
8 replies to this topic

#1 rsdorn84

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:44 PM

Posted 22 April 2007 - 08:08 PM

I think I have anaema and some trojan, but I can't seem to find any more info on how to remove these. I came across HijackThis and thought it might help me. Below is the log.

Logfile of HijackThis v1.99.1
Scan saved at 7:01:28 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rodolfo S Dorn\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\swewaljy.dll",setvm
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net/qt...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148522302405
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148523835562
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


#2 miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:44 AM

Posted 23 April 2007 - 07:33 AM

Hello,

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then, download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 rsdorn84
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:44 PM

Posted 24 April 2007 - 12:58 AM

Combo Fix:
"Rodolfo S Dorn" - 07-04-23 23:29:18 Service Pack 2
ComboFix 07-04-24.2V - Running from: "C:\Documents and Settings\Rodolfo S Dorn\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\cbxyaww.dll
C:\WINDOWS\system32\mljkiif.dll
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\yayaawv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2002-01-07 to 20/23/2007 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2012/28/2001 01:55 PM 24035 --a------ C:\WINDOWS\system32\drivers\eaps2kbd.sys
2012/26/2001 09:28 AM 71952 --a------ C:\WINDOWS\system32\drivers\iansw2k.sys
2010/29/1999 02:35 PM 24348 --a------ C:\WINDOWS\system32\drivers\EAWDMFD.SYS
2010/18/2006 08:00 PM 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2009/29/2004 04:28 PM 134912 --------- C:\WINDOWS\system32\drivers\ipnat.sys
2009/28/2006 07:00 PM 82944 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
2009/28/2006 06:55 PM 77568 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
2009/17/2001 10:00 AM 17744 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008/24/2006 09:47 PM 36528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008/23/2006 10:53 AM 96256 --a------ C:\WINDOWS\system32\drivers\sptd3661.sys
2008/23/2006 10:53 AM 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008/21/2006 03:14 AM 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2008/18/2001 06:00 AM 58112 --------- C:\WINDOWS\system32\drivers\vdmindvd.sys
2008/18/2001 06:00 AM 51712 --------- C:\WINDOWS\system32\drivers\tosdvd.sys
2008/18/2001 06:00 AM 262528 --------- C:\WINDOWS\system32\drivers\cinemst2.sys
2008/18/2001 06:00 AM 23936 --------- C:\WINDOWS\system32\drivers\usbcamd2.sys
2008/18/2001 06:00 AM 23808 --------- C:\WINDOWS\system32\drivers\usbcamd.sys
2008/18/2001 06:00 AM 21376 --------- C:\WINDOWS\system32\drivers\tsbvcap.sys
2008/18/2001 06:00 AM 18688 --------- C:\WINDOWS\system32\drivers\cdaudio.sys
2008/18/2001 06:00 AM 12160 --------- C:\WINDOWS\system32\drivers\fsvga.sys
2008/18/2001 06:00 AM 12032 --------- C:\WINDOWS\system32\drivers\riodrv.sys
2008/18/2001 06:00 AM 12032 --------- C:\WINDOWS\system32\drivers\rio8drv.sys
2008/18/2001 06:00 AM 12032 --------- C:\WINDOWS\system32\drivers\nikedrv.sys
2008/18/2001 06:00 AM 11776 --------- C:\WINDOWS\system32\drivers\cpqdap01.sys
2008/17/2001 12:58 PM 5888 --------- C:\WINDOWS\system32\drivers\dmload.sys
2008/17/2001 12:58 PM 35840 --------- C:\WINDOWS\system32\drivers\isapnp.sys
2008/17/2001 12:57 PM 5888 --------- C:\WINDOWS\system32\drivers\rootmdm.sys
2008/17/2001 12:57 PM 4224 --------- C:\WINDOWS\system32\drivers\mnmdd.sys
2008/17/2001 12:57 PM 3456 --------- C:\WINDOWS\system32\drivers\oprghdlr.sys
2008/17/2001 12:57 PM 11648 --------- C:\WINDOWS\system32\drivers\acpiec.sys
2008/17/2001 12:56 PM 12032 --------- C:\WINDOWS\system32\drivers\ws2ifsl.sys
2008/17/2001 12:55 PM 9600 --------- C:\WINDOWS\system32\drivers\ndistapi.sys
2008/17/2001 12:55 PM 8832 --------- C:\WINDOWS\system32\drivers\rasacd.sys
2008/17/2001 12:55 PM 38016 --------- C:\WINDOWS\system32\drivers\ndproxy.sys
2008/17/2001 12:55 PM 32896 --------- C:\WINDOWS\system32\drivers\ipfltdrv.sys
2008/17/2001 12:55 PM 16512 --------- C:\WINDOWS\system32\drivers\raspti.sys
2008/17/2001 12:54 PM 63232 --------- C:\WINDOWS\system32\drivers\nwlnknb.sys
2008/17/2001 12:54 PM 55936 --------- C:\WINDOWS\system32\drivers\nwlnkspx.sys
2008/17/2001 12:54 PM 32512 --------- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
2008/17/2001 12:54 PM 12416 --------- C:\WINDOWS\system32\drivers\nwlnkflt.sys
2008/17/2001 12:53 PM 3328 --------- C:\WINDOWS\system32\drivers\dxgthk.sys
2008/17/2001 12:53 PM 10496 --------- C:\WINDOWS\system32\drivers\dxapi.sys
2008/17/2001 12:52 PM 7680 --------- C:\WINDOWS\system32\drivers\mcd.sys
2008/17/2001 12:52 PM 13952 --------- C:\WINDOWS\system32\drivers\cbidf2k.sys
2008/17/2001 12:52 PM 125056 --------- C:\WINDOWS\system32\drivers\ftdisk.sys
2008/17/2001 12:51 PM 3328 --------- C:\WINDOWS\system32\drivers\pciide.sys
2008/17/2001 12:51 PM 14592 --------- C:\WINDOWS\system32\drivers\smclib.sys
2008/17/2001 12:49 PM 7936 --------- C:\WINDOWS\system32\drivers\fs_rec.sys
2008/17/2001 12:49 PM 6784 --------- C:\WINDOWS\system32\drivers\parvdm.sys
2008/17/2001 12:49 PM 17792 --------- C:\WINDOWS\system32\drivers\ptilink.sys
2008/17/2001 12:48 PM 17664 --a------ C:\WINDOWS\system32\drivers\sermouse.sys
2008/17/2001 12:48 PM 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008/17/2001 12:47 PM 8704 --a------ C:\WINDOWS\system32\drivers\Dot4scan.sys
2008/17/2001 12:47 PM 4224 --------- C:\WINDOWS\system32\drivers\beep.sys
2008/17/2001 12:47 PM 352256 --------- C:\WINDOWS\system32\drivers\atmuni.sys
2008/17/2001 12:47 PM 2944 --------- C:\WINDOWS\system32\drivers\null.sys
2008/17/2001 12:47 PM 23808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
2008/17/2001 12:47 PM 12928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008/17/2001 12:46 PM 4224 --------- C:\WINDOWS\system32\drivers\rdpcdd.sys
2008/17/2001 12:46 PM 34432 --------- C:\WINDOWS\system32\drivers\rawwan.sys
2008/17/2001 12:46 PM 31360 --------- C:\WINDOWS\system32\drivers\atmepvc.sys
2008/17/2001 09:24 PM 34944 --------- C:\WINDOWS\system32\drivers\fips.sys
2008/17/2001 09:24 PM 18688 --------- C:\WINDOWS\system32\drivers\partmgr.sys
2008/17/2001 02:59 PM 3072 --------- C:\WINDOWS\system32\drivers\audstub.sys
2008/17/2001 01:53 PM 6784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008/17/2001 01:07 PM 56960 --------- C:\WINDOWS\system32\drivers\aic78xx.sys
2008/17/2001 01:07 PM 55168 --------- C:\WINDOWS\system32\drivers\aic78u2.sys
2008/17/2001 01:07 PM 4352 --------- C:\WINDOWS\system32\drivers\wmilib.sys
2008/17/2001 01:07 PM 32640 --------- C:\WINDOWS\system32\drivers\symc8xx.sys
2008/17/2001 01:07 PM 28384 --------- C:\WINDOWS\system32\drivers\sym_hi.sys
2008/17/2001 01:07 PM 20192 --------- C:\WINDOWS\system32\drivers\dpti2o.sys
2008/17/2001 01:07 PM 16256 --------- C:\WINDOWS\system32\drivers\symc810.sys
2008/17/2001 01:07 PM 101888 --------- C:\WINDOWS\system32\drivers\adpu160m.sys
2008/17/2001 01:03 PM 4736 --a------ C:\WINDOWS\system32\drivers\usbd.sys
2008/17/2001 01:02 PM 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008/17/2001 01:00 PM 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008/16/2006 03:37 AM 225664 --------- C:\WINDOWS\system32\drivers\tcpip6.sys
2008/14/2006 04:34 AM 332928 --------- C:\WINDOWS\system32\drivers\srv.sys
2008/09/2001 05:26 PM 22608 --a------ C:\WINDOWS\system32\drivers\wandrv.sys
2008/04/2004 12:01 AM 40840 --------- C:\WINDOWS\system32\drivers\termdd.sys
2008/04/2004 12:01 AM 21896 --------- C:\WINDOWS\system32\drivers\tdtcp.sys
2008/04/2004 12:01 AM 12040 --------- C:\WINDOWS\system32\drivers\tdpipe.sys
2008/03/2004 11:07 PM 59264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008/03/2004 11:01 PM 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008/03/2004 10:58 PM 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008/03/2004 10:15 PM 64896 --------- C:\WINDOWS\system32\drivers\serial.sys
2008/03/2004 10:15 PM 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008/03/2004 10:15 PM 574592 --------- C:\WINDOWS\system32\drivers\ntfs.sys
2008/03/2004 10:15 PM 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008/03/2004 10:15 PM 140928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2008/03/2004 10:15 PM 107904 --------- C:\WINDOWS\system32\drivers\mup.sys
2008/03/2004 10:14 PM 91776 --------- C:\WINDOWS\system32\drivers\ndiswan.sys
2008/03/2004 10:14 PM 74752 --------- C:\WINDOWS\system32\drivers\ipsec.sys
2008/03/2004 10:14 PM 63744 --------- C:\WINDOWS\system32\drivers\cdfs.sys
2008/03/2004 10:14 PM 52736 --------- C:\WINDOWS\system32\drivers\i8042prt.sys
2008/03/2004 10:14 PM 51328 --------- C:\WINDOWS\system32\drivers\rasl2tp.sys
2008/03/2004 10:14 PM 49664 --------- C:\WINDOWS\system32\drivers\classpnp.sys
2008/03/2004 10:14 PM 48384 --------- C:\WINDOWS\system32\drivers\raspptp.sys
2008/03/2004 10:14 PM 182912 --------- C:\WINDOWS\system32\drivers\ndis.sys
2008/03/2004 10:14 PM 162816 --------- C:\WINDOWS\system32\drivers\netbt.sys
2008/03/2004 10:14 PM 143360 --------- C:\WINDOWS\system32\drivers\fastfat.sys
2008/03/2004 10:14 PM 138496 --------- C:\WINDOWS\system32\drivers\afd.sys
2008/03/2004 10:10 PM 85376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008/03/2004 10:10 PM 78464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2008/03/2004 10:10 PM 59648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2008/03/2004 10:10 PM 38016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2008/03/2004 10:10 PM 35456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2008/03/2004 10:10 PM 274304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008/03/2004 10:10 PM 25600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2008/03/2004 10:10 PM 19328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008/03/2004 10:10 PM 18944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2008/03/2004 10:10 PM 17024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008/03/2004 10:10 PM 17024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2008/03/2004 10:10 PM 15360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008/03/2004 10:10 PM 11136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008/03/2004 10:10 PM 10880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008/03/2004 10:09 PM 25472 --------- C:\WINDOWS\system32\drivers\sonydcam.sys
2008/03/2004 10:08 PM 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008/03/2004 10:08 PM 57600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008/03/2004 10:08 PM 48640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2008/03/2004 10:08 PM 36224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2008/03/2004 10:08 PM 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008/03/2004 10:08 PM 30080 --------- C:\WINDOWS\system32\drivers\modem.sys
2008/03/2004 10:08 PM 26624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2008/03/2004 10:08 PM 24960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2008/03/2004 10:08 PM 20480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2008/03/2004 10:08 PM 16000 --------- C:\WINDOWS\system32\drivers\usbintel.sys
2008/03/2004 10:08 PM 15104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008/03/2004 10:08 PM 142976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2008/03/2004 10:08 PM 10624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008/03/2004 10:07 PM 799744 --------- C:\WINDOWS\system32\drivers\dmboot.sys
2008/03/2004 10:07 PM 79744 --------- C:\WINDOWS\system32\drivers\videoprt.sys
2008/03/2004 10:07 PM 68224 --------- C:\WINDOWS\system32\drivers\pci.sys
2008/03/2004 10:07 PM 67584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2008/03/2004 10:07 PM 63744 --------- C:\WINDOWS\system32\drivers\mf.sys
2008/03/2004 10:07 PM 6016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008/03/2004 10:07 PM 52864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008/03/2004 10:07 PM 46464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2008/03/2004 10:07 PM 44928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2008/03/2004 10:07 PM 44672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2008/03/2004 10:07 PM 43008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2008/03/2004 10:07 PM 42752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2008/03/2004 10:07 PM 42368 --a------ C:\WINDOWS\system32\drivers\agp440.sys
2008/03/2004 10:07 PM 42240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2008/03/2004 10:07 PM 41088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2008/03/2004 10:07 PM 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008/03/2004 10:07 PM 20992 --------- C:\WINDOWS\system32\drivers\vga.sys
2008/03/2004 10:07 PM 187776 --------- C:\WINDOWS\system32\drivers\acpi.sys
2008/03/2004 10:07 PM 18560 --------- C:\WINDOWS\system32\drivers\tdi.sys
2008/03/2004 10:07 PM 15488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2008/03/2004 10:07 PM 153344 --------- C:\WINDOWS\system32\drivers\dmio.sys
2008/03/2004 10:07 PM 119936 --------- C:\WINDOWS\system32\drivers\pcmcia.sys
2008/03/2004 10:06 PM 73472 --------- C:\WINDOWS\system32\drivers\sr.sys
2008/03/2004 10:05 PM 41472 --------- C:\WINDOWS\system32\drivers\raspppoe.sys
2008/03/2004 10:05 PM 14336 --------- C:\WINDOWS\system32\drivers\asyncmac.sys
2008/03/2004 10:04 PM 69120 --------- C:\WINDOWS\system32\drivers\psched.sys
2008/03/2004 10:04 PM 35072 --------- C:\WINDOWS\system32\drivers\msgpc.sys
2008/03/2004 10:04 PM 34560 --------- C:\WINDOWS\system32\drivers\wanarp.sys
2008/03/2004 10:04 PM 30080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008/03/2004 10:04 PM 30080 --------- C:\WINDOWS\system32\drivers\rndismp.sys
2008/03/2004 10:04 PM 20992 --------- C:\WINDOWS\system32\drivers\ipinip.sys
2008/03/2004 10:04 PM 13568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2008/03/2004 10:04 PM 12672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008/03/2004 10:04 PM 12672 --------- C:\WINDOWS\system32\drivers\usb8023.sys
2008/03/2004 10:04 PM 12672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2008/03/2004 10:03 PM 88448 --------- C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008/03/2004 10:03 PM 34560 --------- C:\WINDOWS\system32\drivers\netbios.sys
2008/03/2004 10:03 PM 12928 --------- C:\WINDOWS\system32\drivers\ndisuio.sys
2008/03/2004 10:03 PM 12416 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2008/03/2004 10:01 PM 196864 --------- C:\WINDOWS\system32\drivers\rdpdr.sys
2008/03/2004 10:00 PM 71040 --------- C:\WINDOWS\system32\drivers\dxg.sys
2008/03/2004 10:00 PM 66176 --------- C:\WINDOWS\system32\drivers\udfs.sys
2008/03/2004 10:00 PM 52352 --------- C:\WINDOWS\system32\drivers\volsnap.sys
2008/03/2004 10:00 PM 41856 --------- C:\WINDOWS\system32\drivers\imapi.sys
2008/03/2004 10:00 PM 30848 --------- C:\WINDOWS\system32\drivers\npfs.sys
2008/03/2004 10:00 PM 29056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2008/03/2004 10:00 PM 19072 --------- C:\WINDOWS\system32\drivers\msfs.sys
2008/03/2004 10:00 PM 181248 --------- C:\WINDOWS\system32\drivers\mrxdav.sys
2008/03/2004 10:00 PM 14976 --------- C:\WINDOWS\system32\drivers\tape.sys
2008/03/2004 10:00 PM 11264 --------- C:\WINDOWS\system32\drivers\irenum.sys
2008/03/2004 09:59 PM 96256 --------- C:\WINDOWS\system32\drivers\scsiport.sys
2008/03/2004 09:59 PM 95360 --------- C:\WINDOWS\system32\drivers\atapi.sys
2008/03/2004 09:59 PM 92032 --------- C:\WINDOWS\system32\drivers\ksecdd.sys
2008/03/2004 09:59 PM 80128 --------- C:\WINDOWS\system32\drivers\parport.sys
2008/03/2004 09:59 PM 71552 --------- C:\WINDOWS\system32\drivers\bridge.sys
2008/03/2004 09:59 PM 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008/03/2004 09:59 PM 5504 --------- C:\WINDOWS\system32\drivers\intelide.sys
2008/03/2004 09:59 PM 5376 --------- C:\WINDOWS\system32\drivers\viaide.sys
2008/03/2004 09:59 PM 49536 --------- C:\WINDOWS\system32\drivers\cdrom.sys
2008/03/2004 09:59 PM 42496 --------- C:\WINDOWS\system32\drivers\p3.sys
2008/03/2004 09:59 PM 40320 --------- C:\WINDOWS\system32\drivers\nmnt.sys
2008/03/2004 09:59 PM 37376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2008/03/2004 09:59 PM 36992 --------- C:\WINDOWS\system32\drivers\amdk6.sys
2008/03/2004 09:59 PM 36480 --------- C:\WINDOWS\system32\drivers\crusoe.sys
2008/03/2004 09:59 PM 36352 --------- C:\WINDOWS\system32\drivers\disk.sys
2008/03/2004 09:59 PM 36096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2008/03/2004 09:59 PM 35328 --------- C:\WINDOWS\system32\drivers\processr.sys
2008/03/2004 09:59 PM 27392 --------- C:\WINDOWS\system32\drivers\fdc.sys
2008/03/2004 09:59 PM 25088 --------- C:\WINDOWS\system32\drivers\pciidex.sys
2008/03/2004 09:59 PM 20480 --------- C:\WINDOWS\system32\drivers\flpydisk.sys
2008/03/2004 09:59 PM 15488 --------- C:\WINDOWS\system32\drivers\serenum.sys
2008/03/2004 09:59 PM 14208 --------- C:\WINDOWS\system32\drivers\diskdump.sys
2008/03/2004 09:59 PM 11392 --------- C:\WINDOWS\system32\drivers\sfloppy.sys
2008/03/2004 09:59 PM 11136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2008/03/2004 09:59 PM 10240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2008/03/2004 09:58 PM 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2008/03/2004 09:58 PM 61824 --------- C:\WINDOWS\system32\drivers\nic1394.sys
2008/03/2004 09:58 PM 60800 --------- C:\WINDOWS\system32\drivers\arp1394.sys
2008/03/2004 09:58 PM 59904 --------- C:\WINDOWS\system32\drivers\atmarpc.sys
2008/03/2004 09:58 PM 55936 --------- C:\WINDOWS\system32\drivers\atmlane.sys
2008/03/2004 09:58 PM 5504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008/03/2004 09:58 PM 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2008/03/2004 09:58 PM 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2008/03/2004 09:58 PM 4352 --------- C:\WINDOWS\system32\drivers\swenum.sys
2008/03/2004 09:58 PM 42240 --------- C:\WINDOWS\system32\drivers\mountmgr.sys
2008/03/2004 09:58 PM 24576 --------- C:\WINDOWS\system32\drivers\kbdclass.sys
2008/03/2004 09:58 PM 23040 --------- C:\WINDOWS\system32\drivers\mouclass.sys
2008/03/2004 09:58 PM 209408 --------- C:\WINDOWS\system32\drivers\update.sys
2008/03/2004 09:58 PM 207360 --a------ C:\WINDOWS\system32\drivers\dot4.sys
2008/03/2004 09:58 PM 14848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008/03/2004 09:58 PM 100992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2008/03/2004 09:41 PM 95424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2008/03/2004 09:41 PM 685056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008/03/2004 09:41 PM 404990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008/03/2004 09:41 PM 220032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008/03/2004 09:41 PM 180360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2008/03/2004 09:41 PM 13776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2008/03/2004 09:41 PM 13240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2008/03/2004 09:41 PM 1309184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008/03/2004 09:41 PM 129535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2008/03/2004 09:41 PM 126686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008/03/2004 09:41 PM 1041536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008/03/2004 09:29 PM 73216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2008/03/2004 09:29 PM 701440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008/03/2004 09:29 PM 63663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2008/03/2004 09:29 PM 63488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2008/03/2004 09:29 PM 57856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2008/03/2004 09:29 PM 56623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2008/03/2004 09:29 PM 52224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2008/03/2004 09:29 PM 452736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2008/03/2004 09:29 PM 36463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2008/03/2004 09:29 PM 34735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2008/03/2004 09:29 PM 33599 --------- C:\WINDOWS\system32\drivers\watv04nt.sys
2008/03/2004 09:29 PM 327040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008/03/2004 09:29 PM 31744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2008/03/2004 09:29 PM 30671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2008/03/2004 09:29 PM 29455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2008/03/2004 09:29 PM 29311 --------- C:\WINDOWS\system32\drivers\watv01nt.sys
2008/03/2004 09:29 PM 28672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2008/03/2004 09:29 PM 26367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2008/03/2004 09:29 PM 25471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008/03/2004 09:29 PM 23615 --------- C:\WINDOWS\system32\drivers\wch7xxnt.sys
2008/03/2004 09:29 PM 22271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008/03/2004 09:29 PM 21343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2008/03/2004 09:29 PM 19551 --------- C:\WINDOWS\system32\drivers\watv02nt.sys
2008/03/2004 09:29 PM 19455 --------- C:\WINDOWS\system32\drivers\wvchntxx.sys
2008/03/2004 09:29 PM 166912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2008/03/2004 09:29 PM 161020 --------- C:\WINDOWS\system32\drivers\i81xnt5.sys
2008/03/2004 09:29 PM 14336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2008/03/2004 09:29 PM 13824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008/03/2004 09:29 PM 13824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2008/03/2004 09:29 PM 12415 --------- C:\WINDOWS\system32\drivers\wadv01nt.sys
2008/03/2004 09:29 PM 12127 --------- C:\WINDOWS\system32\drivers\wadv02nt.sys
2008/03/2004 09:29 PM 12063 --------- C:\WINDOWS\system32\drivers\wsiintxx.sys
2008/03/2004 09:29 PM 12047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2008/03/2004 09:29 PM 11935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008/03/2004 09:29 PM 11871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008/03/2004 09:29 PM 11807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2008/03/2004 09:29 PM 11775 --------- C:\WINDOWS\system32\drivers\wadv05nt.sys
2008/03/2004 09:29 PM 11615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2008/03/2004 09:29 PM 11295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2008/03/2004 09:29 PM 104960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007/21/2001 05:41 PM 27440 --------- C:\WINDOWS\system32\drivers\secdrv.sys
2007/13/2006 02:48 AM 202240 --------- C:\WINDOWS\system32\drivers\rmcast.sys
2007/08/2002 05:37 PM 591520 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2007/08/2002 05:37 PM 33548 --a------ C:\WINDOWS\system32\drivers\strmdisp.sys
2007/08/2002 05:36 PM 428578 --a------ C:\WINDOWS\system32\drivers\C4C_K56K.sys
2007/08/2002 05:35 PM 212494 --a------ C:\WINDOWS\system32\drivers\C4C_FAXX.sys
2007/08/2002 05:35 PM 124703 --a------ C:\WINDOWS\system32\drivers\C4C_FSKS.sys
2007/08/2002 05:34 PM 59664 --a------ C:\WINDOWS\system32\drivers\C4C_TONE.sys
2007/08/2002 05:34 PM 303171 --a------ C:\WINDOWS\system32\drivers\C4C_FALL.sys
2007/08/2002 05:32 PM 84788 --a------ C:\WINDOWS\system32\drivers\C4C_BSC2.sys
2007/08/2002 05:32 PM 62422 --a------ C:\WINDOWS\system32\drivers\C4C_SAMP.sys
2007/08/2002 05:32 PM 542223 --a------ C:\WINDOWS\system32\drivers\C4C_V124.sys
2007/08/2002 05:30 PM 171791 --a------ C:\WINDOWS\system32\drivers\C4C_AMOS.sys
2007/08/2002 05:29 PM 62610 --a------ C:\WINDOWS\system32\drivers\C4C_SOAR.sys
2006/19/2002 01:14 AM 29446 --a------ C:\WINDOWS\system32\drivers\Mmc_2k.sys
2006/19/2002 01:14 AM 25226 --a------ C:\WINDOWS\system32\drivers\Dvd_2k.sys
2006/19/2002 01:14 AM 127026 --a------ C:\WINDOWS\system32\drivers\pwd_2K.sys
2006/19/2002 01:09 AM 237568 --a------ C:\WINDOWS\system32\drivers\cdudf_xp.sys
2006/19/2002 01:07 AM 206336 --a------ C:\WINDOWS\system32\drivers\udfreadr_xp.sys
2006/14/2006 03:00 AM 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006/14/2006 02:47 AM 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006/14/2006 02:47 AM 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006/10/2002 02:20 PM 12112 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006/10/2002 01:24 PM 188592 --a------ C:\WINDOWS\system32\drivers\lvvi500a.sys
2006/10/2002 01:21 PM 10254 --a------ C:\WINDOWS\system32\drivers\LVBulk.sys
2006/10/2002 01:20 PM 34816 --a------ C:\WINDOWS\system32\drivers\LVSound2.sys
2006/09/2005 10:09 PM 139528 --------- C:\WINDOWS\system32\drivers\rdpwd.sys
2006/01/2006 05:22 PM 3925920 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2005/19/2006 03:16 PM 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2005/19/2006 03:16 PM 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2005/05/2006 03:47 AM 174592 --------- C:\WINDOWS\system32\drivers\rdbss.sys
2005/05/2006 03:41 AM 453120 --------- C:\WINDOWS\system32\drivers\mrxsmb.sys
2004/20/2006 05:51 AM 359808 --------- C:\WINDOWS\system32\drivers\tcpip.sys
2003/22/2002 12:10 PM 991656 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2003/22/2002 12:10 PM 211724 --a------ C:\WINDOWS\system32\drivers\CTSFM2K.SYS
2003/22/2002 12:10 PM 156604 --a------ C:\WINDOWS\system32\drivers\EMUPIA2K.SYS
2003/22/2002 12:09 PM 835636 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2003/22/2002 12:09 PM 195432 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2003/22/2002 12:09 PM 11068 --a------ C:\WINDOWS\system32\drivers\CTPRXY2K.SYS
2003/22/2002 12:08 PM 114944 --a------ C:\WINDOWS\system32\drivers\CTAC32K.SYS
2003/16/2006 06:33 PM 262784 --------- C:\WINDOWS\system32\drivers\http.sys
2003/04/2002 09:36 AM 24586 --a------ C:\WINDOWS\system32\drivers\NMSDD.SYS
2003/04/2002 09:35 AM 9868 --a------ C:\WINDOWS\system32\drivers\NMSCFG.SYS
2002/25/2002 07:54 AM 139776 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2002/14/2006 06:22 PM 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\gkuhxtuu.dll [x]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{D42ADF4E-DAB1-4D25-990D-F04334FFD1Bb} C:\WINDOWS\system32\pwdpqvij.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CARPService"="carpserv.exe"
"CPQEASYACC"="C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"
"WCOLOREAL"="\"C:\\Program Files\\COMPAQ\\Coloreal\\coloreal.exe\""
"WINDVDPatch"="CTHELPER.EXE"
"Jet Detection"="C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AWMON"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-Watch.exe\""
"SetRefresh"="C:\\Program Files\\Compaq\\SetRefresh\\SetRefresh.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"WeatherWatcher"="C:\\Program Files\\Weather Watcher\\ww.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoLogon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa1870ff-9b9a-11db-b17f-0008027f8454}]
Shell\AutoRun\command F:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{ED9CE174-0CE9-49CD-A761-70D66BA700E6}.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-23 23:43:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: Mon 04/23/2007 23:46:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 04/23/2007 11:46 PM


Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:55:38 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rodolfo S Dorn\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\gkuhxtuu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D42ADF4E-DAB1-4D25-990D-F04334FFD1Bb} - C:\WINDOWS\system32\pwdpqvij.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AppRocket.lnk = C:\Program Files\CandyLabs\AppRocket\AppRocket.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AppRocket.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net/qt...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148522302405
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148523835562
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#4 miekiemoes

Malware Response Team

Posted 24 April 2007 - 06:50 AM

That worked.

Let's deal with the leftovers now...

I see you are running AdWatch.
I suggest you disable it because it can interfere with the fixes.

To disable AdWatch:

Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem.


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\gkuhxtuu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D42ADF4E-DAB1-4D25-990D-F04334FFD1Bb} - C:\WINDOWS\system32\pwdpqvij.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Post a new HijackThis log in your next reply and also let me know how things are running now :thumbsup:
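One way to automate the triage the helper just did by hand, as an added example that is not part of the thread and not HijackThis's own code: it parses HijackThis 1.99.1 lines like the ones quoted above and separates the entries that match the helper's selection (empty R0 values, O2 BHOs whose DLL is missing) from other orphaned entries that only merit a manual look. The sample log is constructed from lines in this thread, and the section grouping is an assumption drawn from what the helper chose to fix.

```python
"""Triage of HijackThis 1.99.1 log lines (added example, not HijackThis code).

Flags two kinds of entries: R0/R1 registry values that are empty, and O2/O9
entries whose referenced file no longer exists ("(no file)" / "(file missing)").
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\gkuhxtuu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D42ADF4E-DAB1-4D25-990D-F04334FFD1Bb} - C:\WINDOWS\system32\pwdpqvij.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
"""

# A HijackThis line is "<section> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O2/O9 bodies carry a COM CLSID between the display name and the file path.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class Entry:
    section: str
    line: str
    name: str     # display name ("(no name)" for unnamed BHOs/buttons)
    clsid: str    # CLSID for O2/O9 entries, "" otherwise
    target: str   # registry value or file path the entry points at
    reason: str   # why the entry is flagged; "" when it looks intact


def parse_line(raw: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines that are not HJT entries."""
    line = raw.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    name = clsid = target = reason = ""
    if section in ("R0", "R1"):
        # "HKCU\...\Main,Local Page =" -> key and (possibly empty) value
        key, _, value = body.partition(" =")
        name, target = key, value.strip()
        if target == "":
            reason = "empty registry value"
    elif section in ("O2", "O9"):
        cm = CLSID_RE.search(body)
        if cm:
            clsid = cm.group(0)
            # "BHO: (no name) - " -> "(no name)"
            name = body[:cm.start()].rstrip(" -").split(": ", 1)[-1]
            target = body[cm.end():].lstrip(" -")
        else:
            target = body
        if target == "(no file)" or target.endswith("(file missing)"):
            reason = "referenced file does not exist"
    else:
        target = body
    return Entry(section, line, name, clsid, target, reason)


# Sections the helper fixed directly in this thread; other flagged sections
# (here the O9 buttons) go to a review bucket instead of being auto-selected.
AUTO_FIX_SECTIONS = ("R0", "R1", "O2")


def triage(log_text: str) -> Dict[str, List[Entry]]:
    """Split flagged entries into 'fix' (matches the helper's selection) and
    'review' (orphaned, but left for a human decision)."""
    result: Dict[str, List[Entry]] = {"fix": [], "review": []}
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None or not entry.reason:
            continue
        bucket = "fix" if entry.section in AUTO_FIX_SECTIONS else "review"
        result[bucket].append(entry)
    return result


def report(log_text: str) -> str:
    """Human-readable summary, one line per flagged entry."""
    out = []
    for bucket, entries in triage(log_text).items():
        for e in entries:
            out.append(f"[{bucket}] {e.section} {e.name or e.target} "
                       f"{e.clsid} -> {e.reason}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```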

#5 rsdorn84 (Topic Starter)

Posted 24 April 2007 - 05:24 PM

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:55:38 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rodolfo S Dorn\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\gkuhxtuu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D42ADF4E-DAB1-4D25-990D-F04334FFD1Bb} - C:\WINDOWS\system32\pwdpqvij.dll (file missing)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AppRocket.lnk = C:\Program Files\CandyLabs\AppRocket\AppRocket.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AppRocket.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net/qt...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148522302405
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148523835562
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



Sorry, posted the old one, here is the new one:
Logfile of HijackThis v1.99.1
Scan saved at 4:20:25 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Documents and Settings\Rodolfo S Dorn\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: AppRocket.lnk = C:\Program Files\CandyLabs\AppRocket\AppRocket.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AppRocket.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net/qt...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1148522302405
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148523835562
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

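Added example, not code from this thread or from HijackThis: a small Python parser for log lines like the ones above that groups entries by the review prompts a log reader checks first (dangling entries, autoruns that name a program without a full path, and load points that run inside winlogon.exe/explorer.exe). The flag names and regexes are my own; the sample lines are copied from the log posted above, and the flags are prompts for what to verify, not verdicts (the helper in this thread judged the log clean).

```python
import re

# Constructed sample: entries copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Global Startup: AppRocket.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<detail>.+)$")
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run[A-Za-z]*: \[[^\]]*\] (?P<cmd>.+)$")
HIGH_IMPACT = {"O20", "O21"}  # Winlogon Notify and SSODL entries load inside winlogon.exe / explorer.exe

def parse_hjt(text):
    """Return (section, detail) tuples for every HijackThis entry line, skipping headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("detail")))
    return entries

def review_entry(section, detail):
    """Flags worth a second look for one entry; an empty list means nothing stood out."""
    flags = []
    if "(no file)" in detail or "(file missing)" in detail or detail.endswith("= ?"):
        flags.append("dangling")  # orphaned entry: safe to fix, but not evidence of infection on its own
    run = RUN_RE.match(detail)
    if run:
        launcher = run.group("cmd").split()[0]
        qualified = launcher.startswith(('"', "%")) or re.match(r"^[A-Za-z]:\\", launcher)
        if not qualified:
            flags.append("unqualified-path")  # resolved via the search path at logon: confirm which file runs
    if section in HIGH_IMPACT:
        flags.append("high-impact")  # verify the DLL's publisher and path before anything else
    return flags

def review_log(text):
    """Group entries by flag so a reader sees what to verify first."""
    report = {}
    for section, detail in parse_hjt(text):
        for flag in review_entry(section, detail):
            report.setdefault(flag, []).append(f"{section} - {detail}")
    return report
```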
#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:44 AM

Posted 25 April 2007 - 02:52 AM

Your log looks clean again.
How are things now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 rsdorn84

rsdorn84
  • Topic Starter

  • Members
  • 4 posts
  • Local time:09:44 PM

Posted 25 April 2007 - 06:39 AM

Computer feels like new actually, thanks for all your help. Although I do have to mention, I saw that as soon as I enabled Ad-Watch again it detected a registry modification and some tracking cookies. Anything I should worry about?

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:44 AM

Posted 25 April 2007 - 06:48 AM

The registry modification is because you fixed some entries in HijackThis.
Ad-Watch also sees this as a "hijack" attempt and warns you about it. Here you have to tell Ad-Watch to accept the changes and not let Ad-Watch block them, otherwise it will restore the entries you fixed in HijackThis again.

Don't worry about the cookies - everyone has them and they will always return. This is all a matter of what sites you visit.

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:44 AM

Posted 25 April 2007 - 05:09 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.