Tom's Guide | Tom's Hardware | Tom's Games | PC Safety Suite
 |
 |
 |
Comment:
I had a virus previous to this which i still haven't fixed where one of my processes keeps running over and over.. still does it on my other user but not this one.. but also focusing on the Red X on my C Drive and the temp files i had i removed most of them following a previous post but i still have a red X , im kinda knew the the hijack this so if u need a log please instruct me on how to do that. Ty for your time ^^ btw i'm not sure if this is one virus or multiple..
+1 |   |
Ok so i did the vundofix found the nerocheck was infected, seems i still have a red X on my C: but i dont see any .tmp files erm, i didn't mention but i also had 2 icons on my desktop from storageprotector which i can now finally remove which i couldn't before (duplication), im on my usual user now and no mulitplying of one app. so far.. how do i know this won't happen again? shall i post a hijack this and how? and where is my system restore folder/how do i empty it. ty ^^
+1 | |
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
+1 | |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:10 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Kenneth\Desktop\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01?FOR...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://g.msn.com/0SEENUS/SAOS01?FOR...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://us.rd.yahoo.com/customize/ie...
/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://g.msn.com/0SEENUS/SAOS01?FOR...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings,ProxyServer = 72.52.163.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}- C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} -C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvw.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}- C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper -{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} -C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} -C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll (file
missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button -{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} -C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} -C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper -{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO -{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper -{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O2 - BHO: Piolet Toolbar Helper - {EDDF3383-EC5F-49DF-A8B6-CEC2D8F6164C} -C:\Program Files\Piolet Toolbar\v3.2.0.0\Piolet_Toolbar.dll
O2 - BHO: (no name) - {EF986924-D69B-8812-E820-FF8A30F02EE1} -C:\WINDOWS\system32\ohsdvi.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} -C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA}- C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} -C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (nofile)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiles\google\googletoolbar4.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Piolet Toolbar - {C75C8E7E-5059-4469-AC11-D7544B260382} -C:\Program Files\Piolet Toolbar\v3.2.0.0\Piolet_Toolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\ProgramFiles\Dealio\kb124\Dealio.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}- C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} -C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE"C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVGAnti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet .exe" /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\SpySweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eijdrkcz] "C:\Documents and Settings\Kenneth\ApplicationData\?dobe\explorer.exe"
O4 - HKCU\..\Run: [ISMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\DownloadManager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Shsi] "C:\DOCUME~1\Kenneth\MYDOCU~1\WNSXS~1\msdtc.exe"-vt ndrv
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"/background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\MicrosoftOffice\Office\OSA9.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\ProgramFiles\MyWebSearch\bar\1.bin\MWSOEMON.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\ProgramFiles\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\ProgramFiles\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\ProgramFiles\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -http://favorites.live.com/quickadd....
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documentsand Settings\Kenneth\Application Data\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: Open in new background tab - res://C:\ProgramFiles\Windows Live
Toolbar\Components\en-us\msntabres.dll.mui/229?b390dcb8d80448aba0c6b6495b65
cfe2
O8 - Extra context menu item: Open in new foreground tab - res://C:\ProgramFiles\Windows Live
Toolbar\Components\en-us\msntabres.dll.mui/230?b390dcb8d80448aba0c6b6495b65
cfe2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}- C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (nofile)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} -C:\Documents and Settings\Kenneth\Start Menu\Programs\IMVU\Run IMVU.lnk
(file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} -C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio -{E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program
Files\Dealio\kb124\Dealio.dll
O12 - Plugin for .spop: C:\Program Files\InternetExplorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft DataCollection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClientClass) -
http://messenger.zone.msn.com/binar...
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package ManagerControl) - http://s.nx.com/activex/public_new/...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) -C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire ShowdownClass) -
http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -http://messenger.zone.msn.com/EN-US...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live SafetyCenter Base Module) -
http://cdn.scan.onecare.live.com/re...
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) -http://gamedownload.ijjimax.com/gam...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) -http://www.acclaim.com/cabs/acclaim...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -http://messenger.zone.msn.com/EN-US...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClientClass) -
http://messenger.zone.msn.com/binar...
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class)- http://dist.globalgamecdn.com/dist/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/M...
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control)- http://www.trendsecure.com/easy_ins...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -http://messenger.zone.msn.com/binar...
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown InstallerActiveX Control) - http://a.download.toontown.com/sv1....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClientClass) -
http://messenger.zone.msn.com/binar...
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnosticsClass) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) -http://www.gamengame.com/KALogoutCo...
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) -http://messenger.zone.msn.com/binar...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class)- http://messenger.zone.msn.com/binar...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) -https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) -http://utilities.pcpitstop.com/opti...
O20 - Winlogon Notify: pmnnopq - pmnnopq.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - EmsiSoftware GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\ProgramFiles\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd- C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - MacrovisionCorporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\ProgramFiles\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA,Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: M-Audio Micro Installer (MAudioMicroService) - AvidTechnology, Inc. - C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\ProgramFiles\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\ProgramFiles\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -Webroot Software, Inc. - C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe
--
End of file - 13999 bytes
+1 | |
Go to start> run> type in notepad> click "format"> click "wordwrap" to uncheck it> exit notepad.
Go to the this link:
Follow their directions to disable any realtime protection (spysweeper) or any other that you have as it will interfere with the fix by reinstalling the corrupt files.
Please download ComboFix to the desktop from one of the following links:
Link 3
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.
+1 | |
ComboFix 08-01-23.1C - Kenneth 2008-01-27 18:59:07.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.647 [GMT -5:00]
Running from: C:\Documents and Settings\Kenneth\Desktop\ComboFix(2).exe[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.2008-01-27 18:31 . 2008-01-27 18:31 <DIR> d-------- C:\Program Files\uTorrent
2008-01-27 18:14 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-27 16:41 . 2008-01-27 17:12 <DIR> d-------- C:\VundoFix Backups
2008-01-27 15:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 14:03 . 2008-01-27 14:03 338,432 --a------ C:\WINDOWS\system32\RCX351.tmp
2008-01-27 08:57 . 2008-01-27 08:57 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-01-27 08:56 . 2008-01-27 09:02 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-01-27 07:33 . 2008-01-27 07:34 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-27 06:25 . 2008-01-27 06:25 1,994 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 06:24 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-27 06:24 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-27 06:24 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-27 06:24 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-27 06:24 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-27 06:24 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-26 14:16 . 2008-01-26 14:16 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-24 19:38 . 2008-01-24 19:40 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-01-24 15:19 . 2008-01-24 15:22 <DIR> d-------- C:\Program Files\MP3 WAV WMA Converter
2008-01-21 14:30 . 2007-09-27 12:08 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-01-21 14:30 . 2007-06-21 18:59 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-01-20 01:52 . 2008-01-22 10:45 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-20 01:52 . 2008-01-20 01:52 96 --a------ C:\index.ini
2008-01-20 01:51 . 2008-01-20 01:53 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-01-20 01:14 . 2008-01-20 01:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-20 00:21 . 2008-01-27 18:54 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-20 00:10 . 2008-01-20 00:10 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-20 00:09 . 2008-01-20 00:09 268 --ah----- C:\sqmdata01.sqm
2008-01-20 00:09 . 2008-01-20 00:09 244 --ah----- C:\sqmnoopt01.sqm
2008-01-20 00:07 . 2008-01-20 00:10 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-19 23:49 . 2008-01-19 23:49 2,014 -rah----- C:\WINDOWS\system32\drivers\hosts
2008-01-19 23:48 . 2008-01-19 23:49 <DIR> d-------- C:\Program Files\RogueRemover PRO
2008-01-19 23:47 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-19 23:41 . 2008-01-19 23:44 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-01-19 21:57 . 2008-01-19 23:18 174,592 --a------ C:\WINDOWS\system32\LEXPPS .exe
2008-01-19 20:56 . 2008-01-19 21:03 338,432 --a------ C:\WINDOWS\system32\mlljg.exe
2008-01-19 20:41 . 2008-01-19 20:41 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-19 20:41 . 2008-01-27 07:21 <DIR> d-------- C:\Temp
2008-01-18 10:35 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\iTunes
2008-01-18 10:35 . 2008-01-18 10:35 <DIR> d-------- C:\Program Files\iPod
2008-01-18 10:34 . 2008-01-18 10:34 <DIR> d-------- C:\Program Files\Bonjour
2008-01-18 10:33 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\QuickTime
2008-01-17 16:31 . 2008-01-17 16:43 <DIR> d-------- C:\Program Files\Crimson Editor
2008-01-17 07:04 . 2008-01-18 10:11 <DIR> d-------- C:\Program Files\MP3 Rocket
2008-01-16 17:38 . 2008-01-17 18:00 <DIR> d-------- C:\World of Warcraft
2008-01-16 17:27 . 2008-01-16 17:27 <DIR> d-------- C:\ijji
2008-01-16 12:02 . 2008-01-16 12:02 <DIR> d-------- C:\Program Files\Webroot
2008-01-16 12:02 . 2008-01-16 12:02 <DIR> d-------- C:\Program Files\AskSBar
2008-01-16 12:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-01-16 12:02 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-16 12:02 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-16 12:02 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-16 12:02 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-16 12:01 . 2008-01-16 12:30 164 --a------ C:\install.dat
2008-01-16 11:48 . 2008-01-16 11:48 268 --ah----- C:\sqmdata02.sqm
2008-01-16 11:48 . 2008-01-16 11:48 244 --ah----- C:\sqmnoopt02.sqm
2008-01-15 21:53 . 2008-01-15 21:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-01-12 22:39 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-10 19:29 . 2008-01-10 19:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 17:08 . 2008-01-10 17:08 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-10 17:00 . 2008-01-10 17:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-04 22:04 . 2008-01-04 22:12 <DIR> d-------- C:\Program Files\RegCure
2008-01-04 20:14 . 2008-01-04 20:14 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-01-04 19:25 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\WINDOWS\uninstall\DirectX Buster
2008-01-04 19:04 . 2008-01-04 19:04 <DIR> d-------- C:\WINDOWS\uninstall
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\DirectX Buster
2008-01-04 18:32 . 2008-01-04 19:25 <DIR> d-------- C:\ATI(2)
2008-01-04 18:26 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2008-01-04 16:54 . 2008-01-04 19:31 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (November 2007)
2008-01-04 16:00 . 2007-08-22 21:06 352,256 --a------ C:\WINDOWS\system32\ATIDEMGX(2).dll
2008-01-03 15:59 . 2008-01-03 15:59 <DIR> d-------- C:\Program Files\BillP Studios
2008-01-02 16:42 . 2005-07-24 22:56 1,237,863 --a------ C:\WINDOWS\system32\ms98.cab
2008-01-02 16:42 . 2004-12-14 13:56 3,561 --a------ C:\WINDOWS\system32\HPMICE.PCX.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 23:31 --------- d-----w C:\Program Files\FlashGet
2008-01-27 21:09 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 21:09 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-27 21:09 --------- d-----w C:\Program Files\Dealio
2008-01-27 21:09 --------- d-----w C:\Program Files\AIM6
2008-01-27 19:30 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-27 19:30 107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-26 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 22:51 --------- d-----w C:\Program Files\Xfire
2008-01-24 20:32 --------- d-----w C:\Program Files\WarRock
2008-01-20 06:58 --------- d-----w C:\Program Files\iMesh Applications
2008-01-20 06:45 --------- d-----w C:\Program Files\Lexmark 4200 Series
2008-01-20 05:08 --------- d-----w C:\Program Files\Real
2008-01-20 03:05 499,200 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp
2008-01-19 23:56 --------- d-----w C:\Program Files\DivX
2008-01-18 15:08 --------- d-----w C:\Program Files\Java
2008-01-16 22:41 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-13 03:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-05 01:14 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-01-04 00:51 --------- d-----w C:\Program Files\Yahoo!
2008-01-03 21:47 --------- d-----w C:\Program Files\MultiRes
2007-12-13 21:45 --------- d-----w C:\Program Files\BearShare Applications
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-28 22:45 --------- d-----w C:\Program Files\Viewpoint
2007-11-28 22:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-28 22:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-26 14:55 230,481 ----a-w C:\WINDOWS\Piolet_Toolbar_Uninstaller_6093.exe
2007-11-21 08:02 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-19 21:37 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-10-29 22:43 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 10:04 350,720 ----a-w C:\WINDOWS\system32\SET5.tmp
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-07-26 01:01 3,580 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 21:00 164,864 -c--a-w C:\Program Files\UNWISE.exe
.
[code][/code]
----a-w 1,816,208 2008-01-22 10:48:43 C:\Program Files\a-squared Anti-Malware\a2guard .exe
----a-w 2,007,088 2008-01-27 20:09:59 C:\Program Files\FlashGet\FlashGet .exe
----a-w 57,344 2008-01-20 06:45:32 C:\Program Files\Lexmark 4200 Series\lxbmbmgr .exe
----a-w 1,694,208 2008-01-20 02:59:06 C:\Program Files\Messenger\msmsgs .exe
----a-w 304,632 2008-01-20 03:04:38 C:\Program Files\Verizon\Verizon Internet Security Suite\Rps .exe
----a-w 13,816 2008-01-20 04:19:07 C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR .exe
----a-w 5,367,664 2008-01-27 12:08:02 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w 174,592 2008-01-20 04:18:49 C:\WINDOWS\system32\LEXPPS .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-01-16 12:02 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
C:\Program Files\ISM\BndDrive7.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDDF3383-EC5F-49DF-A8B6-CEC2D8F6164C}]
2007-11-26 09:55 798720 --a--c--- C:\Program Files\Piolet Toolbar\v3.2.0.0\Piolet_Toolbar.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF986924-D69B-8812-E820-FF8A30F02EE1}]
C:\WINDOWS\system32\ohsdvi.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-16 12:02 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46C4-B683-905236F6F655}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{C75C8E7E-5059-4469-AC11-D7544B260382}
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}[HKEY_CLASSES_ROOT\clsid\{c75c8e7e-5059-4469-ac11-d7544b260382}]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C75C8E7E-5059-4469-AC11-D7544B260382}"= C:\Program Files\Piolet Toolbar\v3.2.0.0\Piolet_Toolbar.dll [2007-11-26 09:55 798720]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-01-16 12:02 267592][HKEY_CLASSES_ROOT\clsid\{c75c8e7e-5059-4469-ac11-d7544b260382}]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Eijdrkcz"="C:\Documents and Settings\Kenneth\Application Data\?dobe\explorer.exe" [ ]
"WebCamRT.exe"="" []
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" [ ]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [ ]
"Shsi"="C:\DOCUME~1\Kenneth\MYDOCU~1\WNSXS~1\msdtc.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\system32\rundll32.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"Flashget"="C:\Program Files\FlashGet\FlashGet .exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [ ]C:\Documents and Settings\Cindy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 16:35:53 147456]C:\Documents and Settings\rob\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 16:35:53 147456]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.exe [1999-02-17 15:05:56 65588][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnopq]
pmnnopq.dll[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveSpeed]
C:\Program Files\Ascentive\ActiveSpeed\AS.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-21 20:05 344064 C:\WINDOWS\system32\atiptaxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmsrs.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e3391b63.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFStub]
C:\WINDOWS\Temp\Adware\InstaFinderK_inst .exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\install]
C:\WINDOWS\WINDOWS\install.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Suite]
C:\Program Files\Verizon\Internet Security Suite\Freedom.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irssyncd]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ityj]
C:\Program Files\??sks\chkntfs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
--a------ 2008-01-19 21:03 338432 C:\WINDOWS\system32\mlljg.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroSys-CheckAjour]
C:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug]
C:\Nexon\NexonPlug\NexonPlug.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\ApcMain.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06ap]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
C:\Program Files\RegClean\RegClean.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\tsitra11.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shsi]
C:\PROGRA~1\COMMON~1\WNSXS~1\ati2evxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"RP_FWS"=2 (0x2)
"RPSUpdaterR"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"LexBceS"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 02:55]
R2 MAudioMicroService;M-Audio Micro Installer;C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe [2007-08-13 09:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 geebers12;geebers12;C:\Documents and Settings\Kenneth\Desktop\blorbslayerengine\nvid888.sys []
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 08:31]
S3 MAUSBML;Service for M-Audio Micro (WDM);C:\WINDOWS\system32\DRIVERS\mausbmr.sys [2007-04-27 09:38]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-27 08:57]
S3 oflpydin;oflpydin;C:\DOCUME~1\Kenneth\LOCALS~1\Temp\oflpydin.sys []
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-03 23:56]
S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []
S3 XDva030;XDva030;C:\WINDOWS\system32\XDva030.sys []
S3 XDva058;XDva058;C:\WINDOWS\system32\XDva058.sys []
S3 XDva062;XDva062;C:\WINDOWS\system32\XDva062.sys []
S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 22:40:52 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-27 20:10:22 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .ex
- C:\Program Files\AdwareAlert
"2008-01-17 01:56:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 23:19:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.exe
"2008-01-25 08:30:01 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
"2008-01-27 22:15:05 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-24 09:10:51 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-16 17:02:29 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
"2008-01-27 22:14:59 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-27 12:33:16 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 19:03:28
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-01-27 19:04:22
ComboFix-quarantined-files.txt 2008-01-28 00:04:06
ComboFix2.txt 2008-01-27 22:13:09
ComboFix3.txt 2008-01-27 21:34:00
.
2007-12-11 12:42:14 --- E O F ---
+1 | |
Go to start. control panel> add/remove programs and uninstall these programs if found:
XoftSpySE
uTorrent
KAZAA
DriveCleaner 2006
MessengerPlus! 3
Piolet Toolbar
ISM
LimeWire
ImeshOpen Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RenV::
----a-w 1,816,208 2008-01-22 10:48:43 C:\Program Files\a-squared Anti-Malware\a2guard .exe
----a-w 2,007,088 2008-01-27 20:09:59 C:\Program Files\FlashGet\FlashGet .exe
----a-w 57,344 2008-01-20 06:45:32 C:\Program Files\Lexmark 4200 Series\lxbmbmgr .exe
----a-w 1,694,208 2008-01-20 02:59:06 C:\Program Files\Messenger\msmsgs .exe
----a-w 304,632 2008-01-20 03:04:38 C:\Program Files\Verizon\Verizon Internet Security Suite\Rps .exe
----a-w 13,816 2008-01-20 04:19:07 C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR .exe
----a-w 5,367,664 2008-01-27 12:08:02 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w 174,592 2008-01-20 04:18:49 C:\WINDOWS\system32\LEXPPS .exeFile::
:\WINDOWS\system32\RCX351.tmp
C:\WINDOWS\system32\ijjiSetup.exe
C:\WINDOWS\system32\ijjiPlugin2.dll
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\awvvw.exe
C:\WINDOWS\system32\SET5.tmpDriver::
pmnnopqFolder::
C:\ijji
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDDF3383-EC5F-49DF-A8B6-CEC2D8F6164C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF986924-D69B-8812-E820-FF8A30F02EE1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
[-HKEY_CLASSES_ROOT\clsid\{c75c8e7e-5059-4469-ac11-d7544b260382}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C75C8E7E-5059-4469-AC11-D7544B260382}"=-
[-HKEY_CLASSES_ROOT\clsid\{c75c8e7e-5059-4469-ac11-d7544b260382}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eijdrkcz"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnopq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmsrs.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e3391b63.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFStub]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irssyncd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ityj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06ap]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".Post a new Hijack This log and Combofix log.
+1 | |
ComboFix 08-01-23.1C - Kenneth 2008-01-27 21:16:50.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.640 [GMT -5:00]
Running from: C:\Documents and Settings\Kenneth\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Kenneth\Desktop\CFScript.txt
* Created a new restore point[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE
:\WINDOWS\system32\RCX351.tmp
C:\WINDOWS\system32\awvvw.exe
C:\WINDOWS\system32\ijjiPlugin2.dll
C:\WINDOWS\system32\ijjiSetup.exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\SET5.tmp
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:\ijji
C:\ijji\ENGLISH\Gunz\BAReport.exe
C:\ijji\ENGLISH\Gunz\config.xml
C:\ijji\ENGLISH\Gunz\dbghelp.dll
C:\ijji\ENGLISH\Gunz\fmod.dll
C:\ijji\ENGLISH\Gunz\GameGuard.des
C:\ijji\ENGLISH\Gunz\GameGuard\category.tsf
C:\ijji\ENGLISH\Gunz\GameGuard\daily.tsf
C:\ijji\ENGLISH\Gunz\GameGuard\GameGuard.des
C:\ijji\ENGLISH\Gunz\GameGuard\GameGuard.ver
C:\ijji\ENGLISH\Gunz\GameGuard\GameMon.des
C:\ijji\ENGLISH\Gunz\GameGuard\ggscan.des
C:\ijji\ENGLISH\Gunz\GameGuard\GunzUS.ini
C:\ijji\ENGLISH\Gunz\GameGuard\npgg.erl
C:\ijji\ENGLISH\Gunz\GameGuard\npgg9x.des
C:\ijji\ENGLISH\Gunz\GameGuard\npggNT.des
C:\ijji\ENGLISH\Gunz\GameGuard\npgl.erl
C:\ijji\ENGLISH\Gunz\GameGuard\npgm.erl
C:\ijji\ENGLISH\Gunz\GameGuard\npgmup.des
C:\ijji\ENGLISH\Gunz\GameGuard\npgmup.des.new
C:\ijji\ENGLISH\Gunz\GameGuard\npgmup.erl
C:\ijji\ENGLISH\Gunz\GameGuard\npsc.des
C:\ijji\ENGLISH\Gunz\GameGuard\npsc.erl
C:\ijji\ENGLISH\Gunz\GameGuard\Splash.jpg
C:\ijji\ENGLISH\Gunz\GameGuard\teas.dll
C:\ijji\ENGLISH\Gunz\GameGuard\teas.tls
C:\ijji\ENGLISH\Gunz\GameGuard\teasbase.tsf
C:\ijji\ENGLISH\Gunz\GameGuard\teasname.tsf
C:\ijji\ENGLISH\Gunz\GameGuard\TeCtrl.dll
C:\ijji\ENGLISH\Gunz\GameGuard\TyAv32.dll
C:\ijji\ENGLISH\Gunz\GameGuard\tyavd.tsf
C:\ijji\ENGLISH\Gunz\GameGuard\tyavn.tsf
C:\ijji\ENGLISH\Gunz\gdiplus.dll
C:\ijji\ENGLISH\Gunz\Gunz.exe
C:\ijji\ENGLISH\Gunz\GunzLauncher.exe
C:\ijji\ENGLISH\Gunz\GunzUS.ini
C:\ijji\ENGLISH\Gunz\HanAuthForClient.dll
C:\ijji\ENGLISH\Gunz\HanPollForClient.dll
C:\ijji\ENGLISH\Gunz\HanReportForClient.dll
C:\ijji\ENGLISH\Gunz\Interface\default.mrs
C:\ijji\ENGLISH\Gunz\Interface\loadable.mrs
C:\ijji\ENGLISH\Gunz\Interface\Login.mrs
C:\ijji\ENGLISH\Gunz\Interface\MonsterIllust.mrs
C:\ijji\ENGLISH\Gunz\lastchar.dat
C:\ijji\ENGLISH\Gunz\Maps\Battle Arena.mrs
C:\ijji\ENGLISH\Gunz\Maps\Castle.mrs
C:\ijji\ENGLISH\Gunz\Maps\Catacomb.mrs
C:\ijji\ENGLISH\Gunz\Maps\Dungeon.mrs
C:\ijji\ENGLISH\Gunz\Maps\Factory.mrs
C:\ijji\ENGLISH\Gunz\Maps\Garden.mrs
C:\ijji\ENGLISH\Gunz\Maps\Hall.mrs
C:\ijji\ENGLISH\Gunz\Maps\Island.mrs
C:\ijji\ENGLISH\Gunz\Maps\Jail.mrs
C:\ijji\ENGLISH\Gunz\Maps\Lost Shrine.mrs
C:\ijji\ENGLISH\Gunz\Maps\mansion.mrs
C:\ijji\ENGLISH\Gunz\Maps\Port.mrs
C:\ijji\ENGLISH\Gunz\Maps\prison II.mrs
C:\ijji\ENGLISH\Gunz\Maps\prison.mrs
C:\ijji\ENGLISH\Gunz\Maps\Ruin.mrs
C:\ijji\ENGLISH\Gunz\Maps\Shower Room.mrs
C:\ijji\ENGLISH\Gunz\Maps\Snow_Town.mrs
C:\ijji\ENGLISH\Gunz\Maps\Stairway.mrs
C:\ijji\ENGLISH\Gunz\Maps\station.mrs
C:\ijji\ENGLISH\Gunz\Maps\Town.mrs
C:\ijji\ENGLISH\Gunz\mlog.txt
C:\ijji\ENGLISH\Gunz\model.mrs
C:\ijji\ENGLISH\Gunz\Model\man.mrs
C:\ijji\ENGLISH\Gunz\Model\NPC\goblin.mrs
C:\ijji\ENGLISH\Gunz\Model\NPC\Palmpoa.mrs
C:\ijji\ENGLISH\Gunz\Model\NPC\Skeleton.mrs
C:\ijji\ENGLISH\Gunz\Model\woman.mrs
C:\ijji\ENGLISH\Gunz\msvcp71.dll
C:\ijji\ENGLISH\Gunz\msvcr71.dll
C:\ijji\ENGLISH\Gunz\patch.xml
C:\ijji\ENGLISH\Gunz\patchlog.txt
C:\ijji\ENGLISH\Gunz\Quest\Maps\Dungeon_cavern1.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Dungeon_cavern2.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Dungeon_cavern3.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Dungeon_nest1.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Dungeon_nest2.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Dungeon_nest3.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Dungeon_passage1.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Dungeon_passage2.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Dungeon_passage3.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Mansion_hall1.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Mansion_hall2.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Mansion_hall3.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Mansion_passage1.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Mansion_passage2.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Mansion_passage3.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Mansion_room1.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Mansion_room2.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Mansion_room3.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Prison_drainage1.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Prison_drainage2.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Prison_hall1.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Prison_hall2.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Prison_passage1.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Prison_passage2.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Prison_passage3.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Prison_prison.mrs
C:\ijji\ENGLISH\Gunz\Quest\Maps\Prison_shower_room.mrs
C:\ijji\ENGLISH\Gunz\sfx.mrs
C:\ijji\ENGLISH\Gunz\Shader\patchlog.txt
C:\ijji\ENGLISH\Gunz\Shader\skin.vso
C:\ijji\ENGLISH\Gunz\Shader\skin1.vso
C:\ijji\ENGLISH\Gunz\Sound\bgm.mrs
C:\ijji\ENGLISH\Gunz\Sound\effect.mrs
C:\ijji\ENGLISH\Gunz\Sound\Effect\fx2.mrs
C:\ijji\ENGLISH\Gunz\Sound\Effect\nar.mrs
C:\ijji\ENGLISH\Gunz\Sound\Effect\quest\goblin.mrs
C:\ijji\ENGLISH\Gunz\Sound\Effect\quest\golem.mrs
C:\ijji\ENGLISH\Gunz\Sound\Effect\quest\lizard.mrs
C:\ijji\ENGLISH\Gunz\Sound\Effect\quest\skeleton.mrs
C:\ijji\ENGLISH\Gunz\system.mrs
C:\ijji\ENGLISH\Gunz\Uninstall.exe
C:\ijji\ENGLISH\Gunz\Update1.mrs
C:\ijji\ENGLISH\Gunz\Update2.mrs
C:\ijji\ENGLISH\Gunz\Update3.mrs
C:\WINDOWS\system32\ijjiPlugin2.dll
C:\WINDOWS\system32\ijjiSetup.exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system32\SET5.tmp.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.2008-01-27 20:09 . 2008-01-27 20:09 <DIR> d-------- C:\Program Files\StepMania CVS
2008-01-27 20:02 . 2008-01-16 12:02 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-01-27 18:31 . 2008-01-27 18:31 <DIR> d-------- C:\Program Files\uTorrent
2008-01-27 18:14 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-27 15:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 14:03 . 2008-01-27 14:03 338,432 --a------ C:\WINDOWS\system32\RCX351.tmp
2008-01-27 08:57 . 2008-01-27 08:57 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-01-27 06:25 . 2008-01-27 06:25 1,994 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 06:24 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-27 06:24 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-27 06:24 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-27 06:24 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-27 06:24 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-27 06:24 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-26 14:16 . 2008-01-26 14:16 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-24 19:38 . 2008-01-24 19:40 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-01-24 15:19 . 2008-01-24 15:22 <DIR> d-------- C:\Program Files\MP3 WAV WMA Converter
2008-01-20 01:52 . 2008-01-27 21:16 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-20 01:52 . 2008-01-20 01:52 96 --a------ C:\index.ini
2008-01-20 01:14 . 2008-01-20 01:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-20 00:21 . 2008-01-27 20:12 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-20 00:10 . 2008-01-20 00:10 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-20 00:09 . 2008-01-20 00:09 268 --ah----- C:\sqmdata01.sqm
2008-01-20 00:09 . 2008-01-20 00:09 244 --ah----- C:\sqmnoopt01.sqm
2008-01-20 00:07 . 2008-01-20 00:10 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-19 23:49 . 2008-01-19 23:49 2,014 -rah----- C:\WINDOWS\system32\drivers\hosts
2008-01-19 21:57 . 2008-01-19 23:18 174,592 --a------ C:\WINDOWS\system32\LEXPPS.exe
2008-01-19 20:41 . 2008-01-19 20:41 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-19 20:41 . 2008-01-27 07:21 <DIR> d-------- C:\Temp
2008-01-18 10:35 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\iTunes
2008-01-18 10:35 . 2008-01-18 10:35 <DIR> d-------- C:\Program Files\iPod
2008-01-18 10:34 . 2008-01-18 10:34 <DIR> d-------- C:\Program Files\Bonjour
2008-01-18 10:33 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\QuickTime
2008-01-17 16:31 . 2008-01-17 16:43 <DIR> d-------- C:\Program Files\Crimson Editor
2008-01-17 07:04 . 2008-01-18 10:11 <DIR> d-------- C:\Program Files\MP3 Rocket
2008-01-16 17:38 . 2008-01-17 18:00 <DIR> d-------- C:\World of Warcraft
2008-01-16 12:02 . 2008-01-16 12:02 <DIR> d-------- C:\Program Files\Webroot
2008-01-16 12:02 . 2008-01-27 20:29 <DIR> d-a------ C:\Program Files\AskSBar
2008-01-16 12:02 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-01-16 12:01 . 2008-01-16 12:30 164 --a------ C:\install.dat
2008-01-16 11:48 . 2008-01-16 11:48 268 --ah----- C:\sqmdata02.sqm
2008-01-16 11:48 . 2008-01-16 11:48 244 --ah----- C:\sqmnoopt02.sqm
2008-01-15 21:53 . 2008-01-15 21:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-01-12 22:39 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-10 19:29 . 2008-01-10 19:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 17:08 . 2008-01-10 17:08 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-10 17:00 . 2008-01-10 17:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-04 20:14 . 2008-01-04 20:14 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-01-04 19:25 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\WINDOWS\uninstall\DirectX Buster
2008-01-04 19:04 . 2008-01-04 19:04 <DIR> d-------- C:\WINDOWS\uninstall
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\DirectX Buster
2008-01-04 18:32 . 2008-01-04 19:25 <DIR> d-------- C:\ATI(2)
2008-01-04 16:54 . 2008-01-04 19:31 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (November 2007)
2008-01-04 16:00 . 2007-08-22 21:06 352,256 --a------ C:\WINDOWS\system32\ATIDEMGX(2).dll
2008-01-03 15:59 . 2008-01-03 15:59 <DIR> d-------- C:\Program Files\BillP Studios
2008-01-02 16:42 . 2005-07-24 22:56 1,237,863 --a------ C:\WINDOWS\system32\ms98.cab
2008-01-02 16:42 . 2004-12-14 13:56 3,561 --a------ C:\WINDOWS\system32\HPMICE.PCX.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 02:16 --------- d-----w C:\Program Files\Lexmark 4200 Series
2008-01-28 01:51 --------- d-----w C:\Program Files\LimeWire
2008-01-28 01:50 --------- d-----w C:\Program Files\Piolet Toolbar
2008-01-28 01:24 --------- d-----w C:\Program Files\Yahoo!
2008-01-28 01:16 --------- d-----w C:\Program Files\Java
2008-01-27 23:31 --------- d-----w C:\Program Files\FlashGet
2008-01-27 21:09 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 21:09 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-27 21:09 --------- d-----w C:\Program Files\Dealio
2008-01-27 21:09 --------- d-----w C:\Program Files\AIM6
2008-01-27 19:30 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-27 19:30 107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-26 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 22:51 --------- d-----w C:\Program Files\Xfire
2008-01-24 20:32 --------- d-----w C:\Program Files\WarRock
2008-01-20 06:58 --------- d-----w C:\Program Files\iMesh Applications
2008-01-20 05:08 --------- d-----w C:\Program Files\Real
2008-01-20 03:05 499,200 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp
2008-01-19 23:56 --------- d-----w C:\Program Files\DivX
2008-01-16 22:41 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-13 03:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-05 01:14 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-01-03 21:47 --------- d-----w C:\Program Files\MultiRes
2007-12-13 21:45 --------- d-----w C:\Program Files\BearShare Applications
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-28 22:45 --------- d-----w C:\Program Files\Viewpoint
2007-11-28 22:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-28 22:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-26 14:55 230,481 ----a-w C:\WINDOWS\Piolet_Toolbar_Uninstaller_6093.exe
2007-11-21 08:02 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-19 21:37 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-10-29 22:43 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-07-26 01:01 3,580 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 21:00 164,864 -c--a-w C:\Program Files\UNWISE.exe
.
[code][/code]
----a-w 2,007,088 2008-01-27 20:09:59 C:\Program Files\FlashGet\FlashGet .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"WebCamRT.exe"="" []
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" [ ]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [ ]
"Shsi"="C:\DOCUME~1\Kenneth\MYDOCU~1\WNSXS~1\msdtc.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\system32\rundll32.exe]
"Flashget"="C:\Program Files\FlashGet\FlashGet .exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.exe [1999-02-17 15:05:56 65588][HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveSpeed]
C:\Program Files\Ascentive\ActiveSpeed\AS.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-21 20:05 344064 C:\WINDOWS\system32\atiptaxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\install]
C:\WINDOWS\WINDOWS\install.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Suite]
C:\Program Files\Verizon\Internet Security Suite\Freedom.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
--a------ 2008-01-20 01:45 57344 C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroSys-CheckAjour]
C:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-19 21:59 1694208 C:\Program Files\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug]
C:\Nexon\NexonPlug\NexonPlug.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\ApcMain.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
C:\Program Files\RegClean\RegClean.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\tsitra11.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shsi]
C:\PROGRA~1\COMMON~1\WNSXS~1\ati2evxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
--a------ 2008-01-19 22:04 304632 C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"RP_FWS"=2 (0x2)
"RPSUpdaterR"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"LexBceS"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 02:55]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 MAudioMicroService;M-Audio Micro Installer;C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe [2007-08-13 09:35]
S3 geebers12;geebers12;C:\Documents and Settings\Kenneth\Desktop\blorbslayerengine\nvid888.sys []
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 08:31]
S3 MAUSBML;Service for M-Audio Micro (WDM);C:\WINDOWS\system32\DRIVERS\mausbmr.sys [2007-04-27 09:38]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-27 08:57]
S3 oflpydin;oflpydin;C:\DOCUME~1\Kenneth\LOCALS~1\Temp\oflpydin.sys []
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-03 23:56]
S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []
S3 XDva030;XDva030;C:\WINDOWS\system32\XDva030.sys []
S3 XDva058;XDva058;C:\WINDOWS\system32\XDva058.sys []
S3 XDva062;XDva062;C:\WINDOWS\system32\XDva062.sys []
S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 22:40:52 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-27 20:10:22 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .ex
- C:\Program Files\AdwareAlert
"2008-01-17 01:56:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 02:19:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.exe
"2008-01-25 08:30:01 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
"2008-01-27 22:15:05 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-24 09:10:51 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 21:21:18
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-01-27 21:22:04
ComboFix-quarantined-files.txt 2008-01-28 02:21:41
ComboFix2.txt 2008-01-28 00:04:22
.
2007-12-11 12:42:14 --- E O F ---
+1 | |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:12 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kenneth\Desktop\HiJackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.52.163.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet .exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Shsi] "C:\DOCUME~1\Kenneth\MYDOCU~1\WNSXS~1\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Kenneth\Application Data\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b390dcb8d80448aba0c6b6495b65cfe2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b390dcb8d80448aba0c6b6495b65cfe2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kenneth\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_ins...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutCo...
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/opti...
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: M-Audio Micro Installer (MAudioMicroService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--
End of file - 11330 bytes
+1 | |
Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RenV::
----a-w 2,007,088 2008-01-27 20:09:59 C:\Program Files\FlashGet\FlashGet .exeFile::
C:\WINDOWS\system32\RCX351.tmp
C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp
C:\WINDOWS\Piolet_Toolbar_Uninstaller_6093.exe
Folder::
C:\Program Files\uTorrent
C:\WINDOWS\system32\nGpxx01
C:\Program Files\LimeWire
C:\Program Files\Piolet Toolbar
C:\Program Files\MessengerPlus!
C:\Program Files\iMesh ApplicationsRegistry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\install]
[-HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".Post a new Combofix log.
+1 | |
ComboFix 08-01-23.1C - Kenneth 2008-01-28 7:23:50.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.667 [GMT -5:00]
Running from: C:\Documents and Settings\Kenneth\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Kenneth\Desktop\CFScript.txt
* Created a new restore point[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp
C:\WINDOWS\Piolet_Toolbar_Uninstaller_6093.exe
C:\WINDOWS\system32\RCX351.tmp
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:\Program Files\LimeWire
C:\Program Files\LimeWire\KMFDM - Techno Combat (Mortal Kombat).mp3
C:\Program Files\LimeWire\Mortal Kombat - Final Combat (Techno).mp3
C:\Program Files\LimeWire\Rise Against - Behind Closed Doors.mp3
C:\Program Files\LimeWire\Rise Against - Give It All.mp3
C:\Program Files\LimeWire\Rise Against - State of The Union.mp3
C:\Program Files\LimeWire\Rise Against - The Good Left Undone(1).mp3
C:\Program Files\LimeWire\Rise Against - Worth Dying For.mp3
C:\Program Files\Piolet Toolbar
C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\RCX351.tmp.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.2008-01-27 22:03 . 2008-01-27 22:03 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-27 22:02 . 2008-01-27 22:02 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-27 21:34 . 2008-01-27 21:34 <DIR> d-------- C:\Perfect World
2008-01-27 21:32 . 2007-09-19 10:14 <DIR> d-------- C:\Program Files\background
2008-01-27 21:28 . 2008-01-27 21:32 <DIR> d-------- C:\Program Files\Perfect World
2008-01-27 20:09 . 2008-01-27 20:09 <DIR> d-------- C:\Program Files\StepMania CVS
2008-01-27 18:14 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-27 15:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 08:57 . 2008-01-27 08:57 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-01-27 06:25 . 2008-01-27 06:25 1,994 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 06:24 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-27 06:24 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-27 06:24 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-27 06:24 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-27 06:24 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-27 06:24 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-26 14:16 . 2008-01-26 14:16 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-24 19:38 . 2008-01-24 19:40 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-01-24 15:19 . 2008-01-24 15:22 <DIR> d-------- C:\Program Files\MP3 WAV WMA Converter
2008-01-20 01:52 . 2008-01-20 01:52 96 --a------ C:\index.ini
2008-01-20 01:14 . 2008-01-20 01:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-20 00:21 . 2008-01-28 07:15 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-20 00:09 . 2008-01-20 00:09 268 --ah----- C:\sqmdata01.sqm
2008-01-20 00:09 . 2008-01-20 00:09 244 --ah----- C:\sqmnoopt01.sqm
2008-01-20 00:07 . 2008-01-27 22:02 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-19 23:49 . 2008-01-19 23:49 2,014 -rah----- C:\WINDOWS\system32\drivers\hosts
2008-01-19 21:57 . 2008-01-19 23:18 174,592 --a------ C:\WINDOWS\system32\LEXPPS.exe
2008-01-19 20:41 . 2008-01-27 07:21 <DIR> d-------- C:\Temp
2008-01-18 10:35 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\iTunes
2008-01-18 10:35 . 2008-01-18 10:35 <DIR> d-------- C:\Program Files\iPod
2008-01-18 10:34 . 2008-01-18 10:34 <DIR> d-------- C:\Program Files\Bonjour
2008-01-18 10:33 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\QuickTime
2008-01-17 16:31 . 2008-01-17 16:43 <DIR> d-------- C:\Program Files\Crimson Editor
2008-01-17 07:04 . 2008-01-18 10:11 <DIR> d-------- C:\Program Files\MP3 Rocket
2008-01-16 17:38 . 2008-01-17 18:00 <DIR> d-------- C:\World of Warcraft
2008-01-16 12:01 . 2008-01-16 12:30 164 --a------ C:\install.dat
2008-01-16 11:48 . 2008-01-16 11:48 268 --ah----- C:\sqmdata02.sqm
2008-01-16 11:48 . 2008-01-16 11:48 244 --ah----- C:\sqmnoopt02.sqm
2008-01-15 21:53 . 2008-01-15 21:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-01-12 22:39 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-10 19:29 . 2008-01-10 19:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 17:08 . 2008-01-10 17:08 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-10 17:00 . 2008-01-10 17:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-04 20:14 . 2008-01-04 20:14 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-01-04 19:25 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\WINDOWS\uninstall\DirectX Buster
2008-01-04 19:04 . 2008-01-04 19:04 <DIR> d-------- C:\WINDOWS\uninstall
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\DirectX Buster
2008-01-04 18:32 . 2008-01-04 19:25 <DIR> d-------- C:\ATI(2)
2008-01-04 16:54 . 2008-01-04 19:31 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (November 2007)
2008-01-04 16:00 . 2007-08-22 21:06 352,256 --a------ C:\WINDOWS\system32\ATIDEMGX(2).dll
2008-01-03 15:59 . 2008-01-03 15:59 <DIR> d-------- C:\Program Files\BillP Studios
2008-01-02 16:42 . 2005-07-24 22:56 1,237,863 --a------ C:\WINDOWS\system32\ms98.cab
2008-01-02 16:42 . 2004-12-14 13:56 3,561 --a------ C:\WINDOWS\system32\HPMICE.PCX.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 02:16 --------- d-----w C:\Program Files\Lexmark 4200 Series
2008-01-28 01:24 --------- d-----w C:\Program Files\Yahoo!
2008-01-28 01:16 --------- d-----w C:\Program Files\Java
2008-01-27 23:31 --------- d-----w C:\Program Files\FlashGet
2008-01-27 21:09 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 21:09 --------- d-----w C:\Program Files\Dealio
2008-01-27 21:09 --------- d-----w C:\Program Files\AIM6
2008-01-27 19:30 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-27 19:30 107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-26 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 22:51 --------- d-----w C:\Program Files\Xfire
2008-01-24 20:32 --------- d-----w C:\Program Files\WarRock
2008-01-20 05:08 --------- d-----w C:\Program Files\Real
2008-01-19 23:56 --------- d-----w C:\Program Files\DivX
2008-01-16 22:41 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-13 03:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-05 01:14 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-01-03 21:47 --------- d-----w C:\Program Files\MultiRes
2007-12-13 21:45 --------- d-----w C:\Program Files\BearShare Applications
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-28 22:45 --------- d-----w C:\Program Files\Viewpoint
2007-11-28 22:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-28 22:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-21 08:02 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-19 21:37 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-07-26 01:01 3,580 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 21:00 164,864 -c--a-w C:\Program Files\UNWISE.exe
.
[code][/code]
----a-w 2,007,088 2008-01-27 20:09:59 C:\Program Files\FlashGet\FlashGet .exe
((((((((((((((((((((((((((((( snapshot@2008-01-27_21.21.24.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-28 02:16:26 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-28 12:23:45 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-28 02:16:26 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-28 12:23:45 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-28 02:16:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
+ 2008-01-28 12:23:46 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
- 2008-01-28 02:16:26 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-28 12:23:46 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-28 02:16:27 6,938,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
+ 2008-01-28 12:23:46 6,938,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
- 2008-01-28 02:16:27 217,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-28 12:23:46 217,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
- 2006-10-23 15:34:19 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-10-23 15:34:19 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2006-10-23 15:34:20 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2006-10-23 15:34:19 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-10-11 05:57:29 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2006-10-23 15:34:19 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-10-11 05:57:29 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2006-10-23 15:34:20 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-10-11 05:57:30 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-10-23 15:34:20 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-10-11 05:57:30 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-10-23 15:34:20 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-11 05:57:30 205,824 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2006-10-23 15:34:20 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-11 05:57:30 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-10-23 11:02:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-10-10 10:48:23 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-10-23 15:34:20 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-11 05:57:31 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-10-23 15:34:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-10-11 05:57:31 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2006-10-23 15:34:20 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-11 05:57:31 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-10-23 15:34:22 3,061,248 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 09:55:21 3,065,856 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2006-10-23 15:34:21 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-11 05:57:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-10-23 15:34:21 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-11 05:57:36 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2006-10-23 15:34:21 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-11 05:57:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-10-23 15:34:21 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-11 05:57:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-10-23 15:34:22 1,497,600 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-10-11 05:57:39 1,498,112 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-10-23 15:34:22 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-10-11 05:57:40 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 12:18:35 360,576 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 16:53:32 360,832 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-10-23 15:34:22 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-11 05:57:40 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-12-19 18:08:07 852,480 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-10-23 15:34:22 664,576 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-11 05:57:41 666,112 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-04-20 12:18:35 360,576 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-10-23 15:34:20 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2006-10-23 15:34:20 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2006-10-23 15:34:20 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2006-10-23 15:34:20 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-10-23 15:34:20 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2006-10-23 15:34:20 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-10-23 15:34:22 3,061,248 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-10-23 15:34:21 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-10-23 15:34:21 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2006-10-23 15:34:21 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-10-23 15:34:21 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-10-23 15:34:22 1,497,600 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-10-23 15:34:22 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-10-23 15:34:22 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2006-10-23 15:34:22 664,576 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"WebCamRT.exe"="" []
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" [ ]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [ ]
"Shsi"="C:\DOCUME~1\Kenneth\MYDOCU~1\WNSXS~1\msdtc.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\system32\rundll32.exe]
"Flashget"="C:\Program Files\FlashGet\FlashGet .exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.exe [1999-02-17 15:05:56 65588][HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveSpeed]
C:\Program Files\Ascentive\ActiveSpeed\AS.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-21 20:05 344064 C:\WINDOWS\system32\atiptaxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\install]
C:\WINDOWS\WINDOWS\install.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Suite]
C:\Program Files\Verizon\Internet Security Suite\Freedom.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
--a------ 2008-01-20 01:45 57344 C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroSys-CheckAjour]
C:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-19 21:59 1694208 C:\Program Files\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug]
C:\Nexon\NexonPlug\NexonPlug.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\ApcMain.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
C:\Program Files\RegClean\RegClean.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\tsitra11.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shsi]
C:\PROGRA~1\COMMON~1\WNSXS~1\ati2evxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
--a------ 2008-01-19 22:04 304632 C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"RP_FWS"=2 (0x2)
"RPSUpdaterR"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"LexBceS"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 02:55]
R2 MAudioMicroService;M-Audio Micro Installer;C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe [2007-08-13 09:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 geebers12;geebers12;C:\Documents and Settings\Kenneth\Desktop\blorbslayerengine\nvid888.sys []
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 08:31]
S3 MAUSBML;Service for M-Audio Micro (WDM);C:\WINDOWS\system32\DRIVERS\mausbmr.sys [2007-04-27 09:38]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-27 08:57]
S3 oflpydin;oflpydin;C:\DOCUME~1\Kenneth\LOCALS~1\Temp\oflpydin.sys []
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-03 23:56]
S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []
S3 XDva030;XDva030;C:\WINDOWS\system32\XDva030.sys []
S3 XDva058;XDva058;C:\WINDOWS\system32\XDva058.sys []
S3 XDva062;XDva062;C:\WINDOWS\system32\XDva062.sys []
S3 XDva068;XDva068;C:\WINDOWS\system32\XDva068.sys []HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 22:40:52 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-27 20:10:22 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .ex
- C:\Program Files\AdwareAlert
"2008-01-17 01:56:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 12:16:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.exe
"2008-01-25 08:30:01 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
"2008-01-28 12:09:18 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-24 09:10:51 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 07:28:06
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-01-28 7:28:52
ComboFix-quarantined-files.txt 2008-01-28 12:28:31
ComboFix2.txt 2008-01-28 02:22:05
ComboFix3.txt 2008-01-28 00:04:22
.
2008-01-28 03:04:52 --- E O F ---
+1 | |
Looks better.
Please download Deckard’s Syatem Scanner (dss) to your desktop from the following link:
http://www.techsupportforum.com/sectools/Deckard/dss.exe
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
+1 | |
Deckard's System Scanner v20071014.68
Run by Kenneth on 2008-01-28 21:16:10
Computer is in Normal Mode.
------------------------ System Res---------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
10: 2008-01-29 02:16:19 UTC - RP24 - Deckard's System Scanner Restore Point
9: 2008-01-28 12:36:05 UTC - RP23 - Software Distribution Service 3.0
8: 2008-01-28 12:23:42 UTC - RP22 - ComboFix created restore point
7: 2008-01-28 03:01:26 UTC - RP21 - Software Distribution Service 3.0
6: 2008-01-28 02:16:20 UTC - RP20 - ComboFix created restore point
-- First Restore Point --
1: 2008-01-27 22:03:48 UTC - RP15 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.[color=red]System Drive C: has 4 GiB (less than 15%) free.[/color]
-- HijackThis (run as Kenneth.---------------------Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:13 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: NormalRunning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kenneth\Desktop\dss.exe
C:\DOCUME~1\Kenneth\Desktop\Kenneth.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.52.163.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet .exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Shsi] "C:\DOCUME~1\Kenneth\MYDOCU~1\WNSXS~1\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Kenneth\Application Data\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b390dcb8d80448aba0c6b6495b65cfe2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b390dcb8d80448aba0c6b6495b65cfe2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kenneth\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_ins...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutCo...
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/opti...
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: M-Audio Micro Installer (MAudioMicroService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--
End of file - 11590 bytes-- File Associat------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------R1 atitray - c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 RadProbe (Radeon Probe Driver) - c:\windows\system32\drivers\radprobe.sys <Not Verified; ; RadProbe>S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 catchme - c:\docume~1\kenneth\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 geebers12 - c:\documents and settings\kenneth\desktop\blorbslayerengine\nvid888.sys (file missing)
S3 MAUSBML (Service for M-Audio Micro (WDM)) - c:\windows\system32\drivers\mausbmr.sys <Not Verified; Avid Technology, Inc.; >
S3 MS1000 - c:\windows\system32\drivers\ms1000.sys
S3 oflpydin - c:\docume~1\kenneth\locals~1\temp\oflpydin.sys (file missing)
S3 XDva028 - c:\windows\system32\xdva028.sys (file missing)
S3 XDva030 - c:\windows\system32\xdva030.sys (file missing)
S3 XDva058 - c:\windows\system32\xdva058.sys (file missing)
S3 XDva062 - c:\windows\system32\xdva062.sys (file missing)
S3 XDva068 - c:\windows\system32\xdva068.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------R2 MAudioMicroService (M-Audio Micro Installer) - c:\program files\m-audio\m-audio micro\mausbmrinst.exe <Not Verified; Avid Technology, Inc.; >
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>S2 RadClock - c:\windows\system32\radclock.exe <Not Verified; ; RadClock Module>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Ati HotKey Poller - c:\windows\system32\ati2evxx.exe (file missing)
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
-- Device Manager: DisaClass GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\3&61AAA01&0&50
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter #2
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\3&61AAA01&0&50
Service: RT2500
-- Scheduled T--------2008-01-28 21:16:00 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-01-28 17:00:00 442 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-01-27 15:10:22 494 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
2008-01-25 17:40:52 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-01-25 03:30:01 390 --a------ C:\WINDOWS\Tasks\RegClean Scheduled Scan.job
2008-01-24 04:10:51 376 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-01-16 20:56:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-12-28 and 20---------2008-01-27 22:03:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-27 22:02:05 0 d-------- C:\Program Files\Windows Live Favorites
2008-01-27 21:34:08 0 d-------- C:\Perfect World
2008-01-27 21:32:12 0 d-------- C:\Program Files\background
2008-01-27 21:28:42 0 d-------- C:\Program Files\Perfect World
2008-01-27 20:09:00 0 d-------- C:\Program Files\StepMania CVS
2008-01-27 18:33:37 0 d-------- C:\Documents and Settings\Kenneth\My Documents
2008-01-27 18:31:58 0 d-------- C:\Documents and Settings\Kenneth\Application Data\uTorrent
2008-01-27 18:14:31 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-01-27 10:45:05 0 d-------- C:\Documents and Settings\rob\Application Data\MP3Rocket
2008-01-27 10:42:53 0 d-------- C:\Documents and Settings\rob\Application Data\Creative
2008-01-27 08:57:21 5376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-01-27 08:36:36 0 d-------- C:\Documents and Settings\rob\Contacts
2008-01-27 07:29:58 0 d-------- C:\Documents and Settings\rob\Application Data\AdwareAlert
2008-01-27 07:20:25 0 d-------- C:\Documents and Settings\rob\Application Data\Mozilla
2008-01-27 07:19:17 0 d-------- C:\Documents and Settings\rob\Application Data\Grisoft
2008-01-27 06:25:42 1994 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 06:24:11 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-27 06:24:11 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-27 06:24:11 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-27 06:24:11 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-27 06:24:11 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-27 06:24:11 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-26 14:16:37 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-24 19:38:11 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-01-24 15:19:06 0 d-------- C:\Program Files\MP3 WAV WMA Converter
2008-01-20 12:51:40 0 d-------- C:\Documents and Settings\Kenneth\Application Data\MSN6
2008-01-20 12:51:40 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-01-20 01:14:00 0 d-------- C:\WINDOWS\ERUNT
2008-01-20 01:05:02 0 d-------- C:\Documents and Settings\Kenneth\DoctorWeb
2008-01-20 00:21:31 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-20 00:09:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-01-20 00:07:43 0 d-------- C:\Program Files\Windows Live Toolbar
2008-01-19 23:49:15 2014 -rah----- C:\WINDOWS\system32\drivers\hosts
2008-01-19 23:47:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-19 21:27:40 0 d-------- C:\Documents and Settings\rob\Application Data\Yahoo!
2008-01-19 21:27:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-19 20:41:03 0 d-------- C:\Temp
2008-01-18 16:56:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-18 10:35:13 0 d-------- C:\Program Files\iPod
2008-01-18 10:35:01 0 d-------- C:\Program Files\iTunes
2008-01-18 10:34:05 0 d-------- C:\Program Files\Bonjour
2008-01-18 10:33:10 0 d-------- C:\Program Files\QuickTime
2008-01-18 10:11:57 0 d-------- C:\Documents and Settings\Kenneth\Shared
2008-01-18 10:11:45 0 d-------- C:\Documents and Settings\Kenneth\Application Data\MP3Rocket
2008-01-17 16:31:19 0 d-------- C:\Program Files\Crimson Editor
2008-01-17 07:04:19 0 d-------- C:\Program Files\MP3 Rocket
2008-01-16 17:38:50 0 d-------- C:\World of Warcraft
2008-01-16 12:01:24 164 --a------ C:\install.dat
2008-01-15 21:53:19 0 d-------- C:\Program Files\WinAVI Video Converter
2008-01-14 15:52:52 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Electronic Arts
2008-01-12 22:46:30 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-10 17:00:14 0 d-------- C:\Program Files\Common Files\Java
2008-01-04 22:00:23 0 d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-01-04 20:28:45 0 d-------- C:\Documents and Settings\Kenneth\Application Data\atitray
2008-01-04 20:14:32 180224 --a------ C:\WINDOWS\system32\atiok3x2.dll <Not Verified; ATI Technologies Inc.; Ring 0 x2 Component>
2008-01-04 20:14:30 9535488 --a------ C:\WINDOWS\system32\atioglx2.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2008-01-04 20:14:24 887724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-01-04 20:14:23 158080 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-01-04 20:14:15 0 d-------- C:\Program Files\Radeon Omega Drivers
2008-01-04 19:30:43 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-04 19:25:56 0 d-------- C:\Program Files\ATI Technologies
2008-01-04 19:25:25 0 d-------- C:\ATI
2008-01-04 19:04:52 0 d-------- C:\Program Files\DirectX Buster
2008-01-04 19:04:39 0 d-------- C:\WINDOWS\uninstall <UNINST~1>
2008-01-04 18:32:41 0 d-------- C:\ATI(2)
2008-01-04 16:54:49 0 d-------- C:\Program Files\Microsoft DirectX SDK (November 2007)
2008-01-04 16:00:42 352256 --a------ C:\WINDOWS\system32\ATIDEMGX(2).dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-01-03 19:53:34 0 dr-h----- C:\Documents and Settings\Kenneth\Application Data\yahoo!
2008-01-03 19:51:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-03 15:59:35 0 d-------- C:\Documents and Settings\Kenneth\Application Data\WinPatrol
2008-01-03 15:59:04 0 d-------- C:\Program Files\BillP Studios
2008-01-02 09:14:22 7077888 --a------ C:\Documents and Settings\Kenneth\ntuser.dat
2007-12-30 22:12:28 0 d-------- C:\Documents and Settings\Kenneth\Application Data\BitTorrent
2007-12-30 22:12:25 0 d-------- C:\Documents and Settings\Kenneth\Application Data\DNA
-- Find3M Re----------2008-01-28 15:49:28 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Xfire
2008-01-27 21:16:49 0 d-------- C:\Program Files\Messenger
2008-01-27 21:16:49 0 d-------- C:\Program Files\Lexmark 4200 Series
2008-01-27 20:24:17 0 d-------- C:\Program Files\Yahoo!
2008-01-27 20:16:52 0 d-------- C:\Program Files\Java
2008-01-27 18:31:24 0 d-------- C:\Program Files\FlashGet
2008-01-27 16:10:09 0 d-------- C:\Program Files\Common Files
2008-01-27 16:09:53 0 d-------- C:\Program Files\MSN Messenger
2008-01-27 16:09:48 0 d-------- C:\Program Files\Dealio
2008-01-27 16:09:47 0 d-------- C:\Program Files\AIM6
2008-01-26 13:37:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-25 17:51:16 0 d-------- C:\Program Files\Xfire
2008-01-24 15:32:06 0 d-------- C:\Program Files\WarRock
2008-01-20 00:08:39 0 d-------- C:\Program Files\Real
2008-01-19 18:56:07 0 d-------- C:\Program Files\DivX
2008-01-16 17:41:58 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-12 22:39:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-04 19:58:47 0 d-------- C:\Documents and Settings\Kenneth\Application Data\MegauploadToolbar
2008-01-04 19:25:24 0 d-------- C:\Documents and Settings\Kenneth\Application Data\ATI
2008-01-03 16:47:42 0 d-------- C:\Program Files\MultiRes
2007-12-17 06:01:08 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Ventrilo
2007-12-14 23:18:06 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Viewpoint
2007-12-13 16:57:06 0 d-------- C:\Documents and Settings\Kenneth\Application Data\iMesh
2007-12-13 16:45:57 0 d-------- C:\Program Files\BearShare Applications
2007-12-13 07:47:01 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-07 09:23:46 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Adobe
2007-12-04 22:05:14 368640 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2007-12-04 22:04:08 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver>
2007-12-04 21:56:02 147456 --a------ C:\WINDOWS\system32\atipdlxx.dll <Not Verified; ATI Technologies, Inc.; ATI Desktop Component>
2007-12-04 21:55:50 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll <Not Verified; ATI Technologies, Inc.; ATI Driver Interface Component>
2007-12-04 21:55:42 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2007-12-04 21:55:34 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll <Not Verified; ATI Technologies, Inc.; ATI External Device Utility>
2007-12-04 21:55:20 122880 --a------ C:\WINDOWS\system32\ati2evxx.dll <Not Verified; ATI Technologies Inc.; ATI External Event Utility for Windows>
2007-12-04 21:53:09 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-12-04 21:33:47 1640192 --a------ C:\WINDOWS\system32\ativvaxx.dll <Not Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver>
2007-12-04 21:19:34 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll <Not Verified; ATI Technologies Inc.; ATI OpenGL driver>
2007-12-04 21:19:14 385024 --a------ C:\WINDOWS\system32\atikvmag.dll <Not Verified; ATI Technologies Inc.; Virtual Command And Memory Manager>
2007-12-04 21:17:21 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Not Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface>
2007-12-04 21:11:18 499712 --a------ C:\WINDOWS\system32\ati2cqag.dll <Not Verified; ATI Technologies Inc.; ATI Radeon Family>
2007-11-28 17:46:41 0 d-------- C:\Documents and Settings\Kenneth\Application Data\acccore
2007-11-28 17:45:30 0 d-------- C:\Program Files\Viewpoint
2007-11-28 17:44:55 0 d-------- C:\Program Files\Common Files\AOL
2007-11-21 03:02:00 98304 --a----c- C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-11-19 16:37:31 65536 --a------ C:\WINDOWS\IFinst27.exe
-- Registry ----------*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="RUNDLL32.exe" [08/03/2004 11:56 PM C:\WINDOWS\system32\rundll32.exe]
"Flashget"="C:\Program Files\FlashGet\FlashGet .exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"WebCamRT.exe"="" []
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" []
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" []
"Shsi"="C:\DOCUME~1\Kenneth\MYDOCU~1\WNSXS~1\msdtc.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.exe [2/17/1999 3:05:56 PM][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveSpeed]
C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
atiptaxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
"C:\Program Files\FlashGet\FlashGet.exe" /min[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\install]
C:\WINDOWS\WINDOWS\install.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Suite]
C:\Program Files\Verizon\Internet Security Suite\Freedom.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroSys-CheckAjour]
C:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug]
C:\Nexon\NexonPlug\NexonPlug.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask .exe" -atboottime[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
C:\Program Files\RegClean\RegClean.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\tsitra11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
"C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shsi]
"C:\PROGRA~1\COMMON~1\WNSXS~1\ati2evxx.exe" -vt ndrv[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
"C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"RP_FWS"=2 (0x2)
"RPSUpdaterR"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"LexBceS"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- End of Deckard's System Scanner: finished at 2008-01-28 21:18:51 ------------
+1 | |
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
------------------------ System Informa-----
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: EnglishCPU 0: AMD Athlon(tm) XP 2800+
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 1023.48 MiB / 707.17 MiB
Pagefile Memory (total/avail): 1929.78 MiB / 1717.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.8 MiBA: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 4 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)\\.\PHYSICALDRIVE0 - ST340014A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:-- Security Ce--------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.FW: Verizon Internet Security Suite Firewall v6.0.0 (Verizon) [COLOR=RED]Disabled[/COLOR]
AV: Verizon Internet Security Suite Anti-Virus v6.0.0 (Verizon) [COLOR=RED]Disabled[/COLOR][HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\StepMania CVS\\Program\\StepMania.exe"="C:\\Program Files\\StepMania CVS\\Program\\StepMania.exe:*:Enabled:StepMania"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
-- Environment Varia--ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kenneth\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MORGAN-65DCDKC6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kenneth
LOGONSERVER=\\MORGAN-65DCDKC6
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Kenneth\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox 3 Beta 2;C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\CA\PPRT\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kenneth\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kenneth\LOCALS~1\Temp
USERDOMAIN=MORGAN-65DCDKC6
USERNAME=Kenneth
USERPROFILE=C:\Documents and Settings\Kenneth
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS
-- User Prof----------Kenneth [I](admin)[/I]
rob [I](admin)[/I]
Cindy [I](admin)[/I]
Guest [I](guest)[/I]
-- Add/Remove Prog------> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A75FFDA5-DAE0-4EB0-B785-84B042CDDE0C}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
.sol Editor 1.1.0.1 --> C:\Program Files\Sol Edit\uninst.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2Moons --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BD67531-A957-4592-9743-A2761BB4AC28}\setup.exe" -l0x9 -removeonly
Acoustica Effects Pack --> C:\PROGRA~1\UNWISE.exe C:\PROGRA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.exe -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archlord --> "C:\Program Files\Codemasters\Archlord\unins000.exe"
ATI Display Driver (Omega 3.8.442) --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Audition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CB9AF08-79AE-4020-84A8-29CF15C67BD5}\Setup.exe" -l0x9
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
Battlefield 2(TM) Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}\setup.exe" -l0x9 -removeonly
Battlefield 2142 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD347316-609E-4149-983C-84B40338D38A}\setup.exe" -l0x9 -removeonly
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CABAL Online v1.6 --> "C:\Program Files\CABAL Online(BRAZIL)\unins001.exe"
ChivalryMS Ver.05 --> "C:\Program Files\Private-Chivalry\ChivalryMS\unins000.exe"
Clear Cache feature for Internet Explorer --> MsiExec.exe /I{4E901875-0F15-44BA-89DE-94AA41A7F507}
Conquer 2.0 --> C:\Program Files\InstallShield Installation Information\{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}\setup.exe -runfromtemp -l0x0009 -removeonly
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.exe" -l0x9 /remove
Crimson Editor (remove only) --> C:\Program Files\Crimson Editor\uninstall.exe
croNous --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F270470B-D4A7-4EE2-B010-390E104443A7}\Setup.exe"
Daemons Ring GunZ --> C:\Program Files\Daemons Ring GunZ\Uninstal.exe
Dark Age of Camelot - Shrouded Isles --> "C:\Mythic\Isles\unins000.exe"
Dealio Toolbar 3.1.1 --> MsiExec.exe /X{F38E1EF1-BBD6-4743-AF84-021E26B0481C}
Deco Online --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABE960AB-45A7-4184-BA5A-EADAE2789FE8}\Setup.exe" -l0x9
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.exe /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
FEARCombat --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Hero_Online --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41D5A562-2FE2-4CF2-AB03-62803FD7049F}\setup.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Kenneth\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Immortals Online --> C:\WINDOWS\unvise32.exe C:\Program Files\Immortals Online\uninstal.log
Install(US)2 --> C:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kiran's Typing Tutor 1.0 --> "C:\Program Files\Kiran's Typing Tutor\unins000.exe"
Lexmark 4200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBMUN5C.exe -dLexmark 4200 Series
Lexmark 4200 Series Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C439D065-5B64-4563-A6B9-1AA202633E13} /l1033 /z/U
Lexmark Software Uninstall --> C:\Program Files\Lexmark_HostCD\Install\x86\Uninstall.exe
M-Audio Micro --> C:\Program Files\InstallShield Installation Information\{27F891A3-53CC-43BF-B9FD-0EF504E829A8}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.exe C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Malwarebytes' RogueRemover PRO --> "C:\Program Files\RogueRemover PRO\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MapleStory --> MsiExec.exe /I{B68AD370-00ED-43F1-813C-F903F761D06B}
MegaUpload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Micro-Sys Ajour --> "C:\Program Files\Micro-Sys Software\Ajour\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Express Edition - ENU --> MsiExec.exe /X{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0b2) --> C:\Program Files\Mozilla Firefox 3 Beta 2\uninstall\helper.exe
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
MP3 WAV WMA Converter --> C:\PROGRA~1\MP3WAV~1\UNWISE.exe C:\PROGRA~1\MP3WAV~1\INSTALL.LOG
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MultiRes (remove only) --> C:\Program Files\MultiRes\uninstal.exe
Neffy 1,2,0,12 --> C:\Program Files\Neffy\uninst.exe
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NOMAD MuVo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A75FFDA5-DAE0-4EB0-B785-84B042CDDE0C}\Setup.exe" -l0x9 /remove
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PPSDKRedistributables --> MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Prentice Hall Physical Science Interactive Textbook CD-ROM --> MsiExec.exe /X{DFBEBE31-6C56-4B5F-88C2-FF827AFFDBC5}
Qonquer Online Client v4333 --> "C:\Program Files\Qonquer Online Client\unins000.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Radeon Omega Drivers v4.8.442 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"
Radialpoint Security Services --> MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RadLinker --> MsiExec.exe /I{238ABEB6-42D2-4DD7-9928-DE8431519C61}
Rappelz_USA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}\setup.exe" -l0x9 -removeonly
RegCure 1.3.0.2 --> C:\Program Files\RegCure\uninst.exe
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
RPS Ad Blocker --> MsiExec.exe /I{E5BDD874-3A52-4681-9ADD-E8DF54F83EF3}
RPS AntiFraud --> MsiExec.exe /I{83097FE1-0B4D-4B49-9951-E4D0FC53F26E}
RPS AntiSpyware --> MsiExec.exe /I{9F2BB2E7-6F07-45EC-8257-B786A154CCB9}
RPS AntiVirus --> MsiExec.exe /I{9DE7BDDC-D1FF-4146-BC63-F43097CE9AA1}
RPS App Detector --> MsiExec.exe /I{3E5512A7-D741-4A4D-B5AF-EC8F7946C1DB}
RPS AsRealtime --> MsiExec.exe /I{2244539F-1C41-4BCA-9685-49D3F616901F}
RPS Backup --> MsiExec.exe /I{9F94D5D8-45F9-43F4-8614-88F51101373B}
RPS Burn --> MsiExec.exe /I{434B0CFC-BC40-4CED-870F-099BD9B6D5FA}
RPS Diagnostic Utility --> MsiExec.exe /I{3904FF03-EA23-4283-818B-DBF1231D9289}
RPS Firewall --> MsiExec.exe /I{56265773-2AD5-4608-AA02-1FC4A5B97712}
RPS ParentalControl --> MsiExec.exe /I{C306DA0A-4E9D-4B69-ABB7-36BB2E8B5849}
RPS Performance Tool --> MsiExec.exe /I{81C6EAEC-C26B-4C7C-8E60-44D70170C0E5}
RPS PopupBlocker --> MsiExec.exe /I{11D98A3D-A36A-423A-BA09-949A8AF31733}
RPS Privacy Manager --> MsiExec.exe /I{DBE46B09-DB5B-41D7-93D7-EC8595944D99}
RPS RpsCore --> MsiExec.exe /I{C306FE91-4146-4E74-9446-AEFD4C1C11D0}
RPS Security Cleanup --> MsiExec.exe /I{B5C0568A-1E16-45B5-A163-67F09B4B55BC}
RPS Zip --> MsiExec.exe /I{3FD4060B-96D6-47DC-AACC-C019AB1A8606}
Rumble Fighter --> "C:\Program Files\OGPlanet\RumbleFighter\uninstall.exe"
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Star Downloader Pro --> C:\PROGRA~1\STARDO~1\UNWISE.exe C:\PROGRA~1\STARDO~1\INSTALL.LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
StepMania CVS 4.0 (remove only) --> "C:\Program Files\StepMania CVS\uninstall.exe"
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins001.exe"
TeamSpeak 2 Server RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
UnInstall_SealOnlineUSA --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\SealOnlineUSA\IFU1C.inf
Unreal Tournament 3 Demo --> "C:\Documents and Settings\Kenneth\Application Data\InstallShield Installation Information\{3266FEA9-98E9-448B-B235-DAC63D4CE781}\setup.exe" -runfromtemp -l0x0409 -removeonly
Unreal Tournament 3 Demo --> MsiExec.exe /X{3266FEA9-98E9-448B-B235-DAC63D4CE781}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Verizon Internet Security Suite --> C:\Program Files\InstallShield Installation Information\{409790BE-E8A2-445C-A816-60FFF0DDEF18}\Setup.exe -runfromtemp -l0x0009 -removeonly
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Watson --> MsiExec.exe /I{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.exe /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.exe /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event--Event Record #/Type4091 / Error
Event Submitted/Written: 01/28/2008 07:31:47 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3231, fault address 0x0003b5ce.
Processing media-specific event for [iexplore.exe!ws!]Event Record #/Type4065 / Warning
Event Submitted/Written: 01/27/2008 08:30:00 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{571700F0-DB9D-4B3A-B03D-35A14BB5939F}', feature 'MsgrFeat' failed during request for component '{C6638736-7004-4E1D-A5BC-30110004EFC5}'Event Record #/Type4064 / Warning
Event Submitted/Written: 01/27/2008 08:30:00 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{571700F0-DB9D-4B3A-B03D-35A14BB5939F}', feature 'MsgrFeat', component '{C6638736-7004-4E1D-A5BC-30110004EFC5}' failed. The resource 'C:\Program Files\MSN Messenger\msnmsgr.exe' does not exist.Event Record #/Type4063 / Error
Event Submitted/Written: 01/27/2008 08:16:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application msiexec.exe, version 3.1.4000.1823, faulting module unknown, version 0.0.0.0, fault address 0x10005a60.
Processing media-specific event for [msiexec.exe!ws!]Event Record #/Type4056 / Error
Event Submitted/Written: 01/27/2008 06:40:49 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.-- Security Event-----
No Errors/Warnings found.
-- System Event-------Event Record #/Type20861 / Error
Event Submitted/Written: 01/28/2008 09:10:10 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display typeEvent Record #/Type20860 / Error
Event Submitted/Written: 01/28/2008 09:09:03 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display typeEvent Record #/Type20859 / Error
Event Submitted/Written: 01/28/2008 09:09:01 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display typeEvent Record #/Type20858 / Error
Event Submitted/Written: 01/28/2008 09:08:40 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display typeEvent Record #/Type20857 / Error
Event Submitted/Written: 01/28/2008 09:08:40 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type-- End of Deckard's System Scanner: finished at 2008-01-28 21:18:51 ------------
+1 | |
Go to start> control panel> add/remove programs and uninstall these programs:
FlashGet 1.9.6.1073 (corrupt, redownlaod)
ijji
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
c:\docume~1\kenneth\locals~1\temp\oflpydin.sys
c:\windows\system32\xdva028.sys
c:\windows\system32\xdva030.sys
c:\windows\system32\xdva058.sys
c:\windows\system32\xdva062.sys
c:\windows\system32\xdva068.sys
c:\windows\system32\xtrapd12.sysDriver::
oflpydin
XDva028
XDva030
XDva058
XDva062
XDva068
XTrapD12
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\install]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".Post a new Combofix log.
+1 | |
ComboFix 08-01-23.1C - Kenneth 2008-01-29 5:03:11.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.625 [GMT -5:00]
Running from: C:\Documents and Settings\Kenneth\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Kenneth\Desktop\CFScript.txt
* Created a new restore point[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE
c:\docume~1\kenneth\locals~1\temp\oflpydin.sys
c:\windows\system32\xdva028.sys
c:\windows\system32\xdva030.sys
c:\windows\system32\xdva058.sys
c:\windows\system32\xdva062.sys
c:\windows\system32\xdva068.sys
c:\windows\system32\xtrapd12.sys
.((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.2008-01-28 21:16 . 2008-01-28 21:16 <DIR> d-------- C:\Deckard
2008-01-28 13:56 . 2008-01-28 13:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 13:56 . 2008-01-28 13:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-27 22:03 . 2008-01-27 22:03 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-27 22:02 . 2008-01-27 22:02 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-27 21:34 . 2008-01-27 21:34 <DIR> d-------- C:\Perfect World
2008-01-27 21:32 . 2007-09-19 10:14 <DIR> d-------- C:\Program Files\background
2008-01-27 21:28 . 2008-01-27 21:32 <DIR> d-------- C:\Program Files\Perfect World
2008-01-27 20:09 . 2008-01-27 20:09 <DIR> d-------- C:\Program Files\StepMania CVS
2008-01-27 18:14 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-27 15:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 08:57 . 2008-01-27 08:57 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-01-27 06:25 . 2008-01-27 06:25 1,994 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-27 06:24 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-27 06:24 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-27 06:24 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-27 06:24 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-27 06:24 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-27 06:24 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-26 14:16 . 2008-01-26 14:16 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-01-24 19:38 . 2008-01-24 19:40 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-01-24 15:19 . 2008-01-24 15:22 <DIR> d-------- C:\Program Files\MP3 WAV WMA Converter
2008-01-20 01:52 . 2008-01-20 01:52 96 --a------ C:\index.ini
2008-01-20 01:14 . 2008-01-20 01:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-20 00:21 . 2008-01-29 05:03 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-20 00:09 . 2008-01-20 00:09 268 --ah----- C:\sqmdata01.sqm
2008-01-20 00:09 . 2008-01-20 00:09 244 --ah----- C:\sqmnoopt01.sqm
2008-01-20 00:07 . 2008-01-27 22:02 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-19 23:49 . 2008-01-19 23:49 2,014 -rah----- C:\WINDOWS\system32\drivers\hosts
2008-01-19 21:57 . 2008-01-19 23:18 174,592 --a------ C:\WINDOWS\system32\LEXPPS.exe
2008-01-19 20:41 . 2008-01-27 07:21 <DIR> d-------- C:\Temp
2008-01-18 10:35 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\iTunes
2008-01-18 10:35 . 2008-01-18 10:35 <DIR> d-------- C:\Program Files\iPod
2008-01-18 10:34 . 2008-01-18 10:34 <DIR> d-------- C:\Program Files\Bonjour
2008-01-18 10:33 . 2008-01-27 16:09 <DIR> d-------- C:\Program Files\QuickTime
2008-01-17 16:31 . 2008-01-17 16:43 <DIR> d-------- C:\Program Files\Crimson Editor
2008-01-17 07:04 . 2008-01-18 10:11 <DIR> d-------- C:\Program Files\MP3 Rocket
2008-01-16 12:01 . 2008-01-16 12:30 164 --a------ C:\install.dat
2008-01-16 11:48 . 2008-01-16 11:48 268 --ah----- C:\sqmdata02.sqm
2008-01-16 11:48 . 2008-01-16 11:48 244 --ah----- C:\sqmnoopt02.sqm
2008-01-15 21:53 . 2008-01-15 21:53 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-01-12 22:39 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-01-10 19:29 . 2008-01-10 19:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 17:08 . 2008-01-10 17:08 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-10 17:00 . 2008-01-10 17:00 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-04 20:14 . 2008-01-04 20:14 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-01-04 19:25 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\WINDOWS\uninstall\DirectX Buster
2008-01-04 19:04 . 2008-01-04 19:04 <DIR> d-------- C:\WINDOWS\uninstall
2008-01-04 19:04 . 2008-01-04 19:25 <DIR> d-------- C:\Program Files\DirectX Buster
2008-01-04 18:32 . 2008-01-04 19:25 <DIR> d-------- C:\ATI(2)
2008-01-04 16:54 . 2008-01-04 19:31 <DIR> d-------- C:\Program Files\Microsoft DirectX SDK (November 2007)
2008-01-04 16:00 . 2007-08-22 21:06 352,256 --a------ C:\WINDOWS\system32\ATIDEMGX(2).dll
2008-01-03 15:59 . 2008-01-03 15:59 <DIR> d-------- C:\Program Files\BillP Studios
2008-01-02 16:42 . 2005-07-24 22:56 1,237,863 --a------ C:\WINDOWS\system32\ms98.cab
2008-01-02 16:42 . 2004-12-14 13:56 3,561 --a------ C:\WINDOWS\system32\HPMICE.PCX.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 10:00 --------- d-----w C:\Program Files\Java
2008-01-29 09:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 02:16 --------- d-----w C:\Program Files\Lexmark 4200 Series
2008-01-28 01:24 --------- d-----w C:\Program Files\Yahoo!
2008-01-27 19:30 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-25 22:51 --------- d-----w C:\Program Files\Xfire
2008-01-24 20:32 --------- d-----w C:\Program Files\WarRock
2008-01-20 05:08 --------- d-----w C:\Program Files\Real
2008-01-19 23:56 --------- d-----w C:\Program Files\DivX
2008-01-16 22:41 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-13 03:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-05 01:14 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-01-03 21:47 --------- d-----w C:\Program Files\MultiRes
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-11-28 22:45 --------- d-----w C:\Program Files\Viewpoint
2007-11-28 22:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-19 21:37 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-07-26 01:01 3,580 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 21:00 164,864 -c--a-w C:\Program Files\UNWISE.exe
.
[code][/code]
----a-w 2,007,088 2008-01-27 20:09:59 C:\RECYCLER\S-1-5-21-507921405-1547161642-682003330-1004\Dc21\FlashGet .exe
((((((((((((((((((((((((((((( snapshot_2008-01-28_ 7.28.13.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-28 12:23:45 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-29 10:02:52 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-28 12:23:45 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-29 10:02:52 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-28 12:23:46 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
+ 2008-01-29 10:02:52 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
- 2008-01-28 12:23:46 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-29 10:02:52 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-28 12:23:46 6,938,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
+ 2008-01-29 10:02:52 6,938,624 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
- 2008-01-28 12:23:46 217,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-29 10:02:52 217,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"WebCamRT.exe"="" []
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" [ ]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [ ]
"Shsi"="C:\DOCUME~1\Kenneth\MYDOCU~1\WNSXS~1\msdtc.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\system32\rundll32.exe]
"Flashget"="C:\Program Files\FlashGet\FlashGet .exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.exe [1999-02-17 15:05:56 65588][HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Kenneth^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Kenneth\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveSpeed]
C:\Program Files\Ascentive\ActiveSpeed\AS.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2006-02-21 20:05 344064 C:\WINDOWS\system32\atiptaxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Suite]
C:\Program Files\Verizon\Internet Security Suite\Freedom.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
--a------ 2008-01-20 01:45 57344 C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroSys-CheckAjour]
C:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-19 21:59 1694208 C:\Program Files\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug]
C:\Nexon\NexonPlug\NexonPlug.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\ApcMain.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]
C:\Program Files\RegClean\RegClean.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shsi]
C:\PROGRA~1\COMMON~1\WNSXS~1\ati2evxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
--a------ 2008-01-19 22:04 304632 C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"RP_FWS"=2 (0x2)
"RPSUpdaterR"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"LexBceS"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 02:55]
R2 MAudioMicroService;M-Audio Micro Installer;C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe [2007-08-13 09:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 geebers12;geebers12;C:\Documents and Settings\Kenneth\Desktop\blorbslayerengine\nvid888.sys []
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 08:31]
S3 MAUSBML;Service for M-Audio Micro (WDM);C:\WINDOWS\system32\DRIVERS\mausbmr.sys [2007-04-27 09:38]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-27 08:57]
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-03 23:56]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 22:40:52 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-29 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .ex
- C:\Program Files\AdwareAlert
"2008-01-17 01:56:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-29 09:16:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.exe
"2008-01-29 08:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
"2008-01-29 10:09:12 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-24 09:10:51 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 05:09:38
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2008-01-29 5:13:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 10:13:40
ComboFix2.txt 2008-01-28 12:28:52
ComboFix3.txt 2008-01-28 02:22:05
ComboFix4.txt 2008-01-28 00:04:22
.
2008-01-28 12:36:41 --- E O F ---
+1 | |
Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\RECYCLER\S-1-5-21-507921405-1547161642-682003330-1004\Dc21\FlashGet .exe
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".Post a new Combofix log.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
ATF CleanerRun ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.This should fix the red X.
Go to start> run> type in notepad > ok. Copy paste the following into notepad making [autorun] the very top line:
[autorun]
ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8
Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.
Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.
Restart the computer.
Run an online scan with Kaspersky from the following link:
Kaspersky Online ScannerNote: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
+1 | |
Scan
----
Scanned: 282960
Detected: 20
Untreated: 20
Start time: 1/29/2008 7:21:47 AM
Duration: 07:40:25
Finish time: 1/29/2008 3:02:12 PM
Signatures published: 1/29/2008 3:57:02 AM
Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Incomplete\T-112886-_PANTHEON_ gensis SVCD 19.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Incomplete\T-171592-_better version_ gensis by iNCiTE 50.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Incomplete\T-172094-_MiRROR_ gensis -latest- 07.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Incomplete\T-176654-01 - gensis _192kbps_ 52.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Incomplete\T-213423-_Myth_ gensis (Latest) 09.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Incomplete\T-217634-_STRiKE _ gensis ViDeO 41.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\!! gensis !! 31.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\(DivXfacTory) gensis (working) 30.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\(ECHOS) gensis (Crack) 20.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\(iNC) gensis (Better Version) 53.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\(MEDiAMANiACS) gensis -new version- 40.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\(RiSC) gensis iSO 51.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\----- gensis ----- 42.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\by iHATE.. gensis iSO 18.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.m File: C:\Documents and Settings\Cindy\Shared\gensis.wm
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\Shy gensis [New Version] 29.wma
detected: Trojan program Trojan-Downloader.WMA.Wimad.d File: C:\Documents and Settings\Cindy\Shared\[LiveStream] gensis @265kbps 08.wma
detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\QooBox\Quarantine\C\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp.vir
detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\QooBox\Quarantine\C\WINDOWS\system32\RCX351.tmp.vir
detected: Trojan program Trojan-Downloader.Win32.VB.cge File: C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx01\nGpxx011065.exe.vir
Events
------
Time Name Status Reason
---- ---- ------ ------
Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
--------------- ---------
Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Record information about dangerous objects to program statistics Yes
+1 | |
Open Notepad and copy/paste everything between the X"s into it and make sure "Folder::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Folder::
C:\Qoobox
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".You still have a few infected music files, running Bitdefender will most likely remove the viri but will also most likely delete the infected files in the Kaspersky scan. You scould run the Bitdefender scan and redownload the music.
Please run the BitDefender online scan this link:
Bitdefender Online Scanner
You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.
 |
 Internet/firewall Disable...
|
pos.tmp files on c drive ...
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
