kohu

Posts posted by kohu

  1. Wait, never mind, I ran it again without my firewall on, and here's the log. Internet still doesn't work. I can't seem to get an IP address, and it still doesn't work when I set up a static one. I'm trying to connect using a wireless router, no wired connection at all. However, my other computer (the one I'm using now) can connect to the router just fine.

    ComboFix 08-02.01.6 - Pete's 2008-02-01 13:56:42.4 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013 [GMT -8:00]

    Running from: C:\Documents and Settings\Pete's\Desktop\ComboFix.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    .

    ---- Previous Run -------

    .

    C:\check_LSA7.txt

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    C:\WINDOWS\b103.exe.bin

    C:\WINDOWS\b136.exe.bin

    C:\WINDOWS\system32\aduttakp.exe

    C:\WINDOWS\system32\awturqo.dll

    C:\WINDOWS\system32\bnrfil.dll

    C:\WINDOWS\system32\bsnlst.dll

    C:\WINDOWS\system32\ecllrobv.ini

    C:\WINDOWS\system32\evbgpwcl.dll

    C:\WINDOWS\system32\hgjlm.bak1

    C:\WINDOWS\system32\hgjlm.bak2

    C:\WINDOWS\system32\hgjlm.ini

    C:\WINDOWS\system32\igefil.dll

    C:\WINDOWS\system32\kvkefcjf.dll

    C:\WINDOWS\system32\lastupdate.dll

    C:\WINDOWS\system32\macfil.dll

    C:\WINDOWS\system32\mcrh.tmp

    C:\WINDOWS\system32\mljgh.dll

    C:\WINDOWS\system32\mp3fil.dll

    C:\WINDOWS\system32\nfil.dll

    C:\WINDOWS\system32\opatlfkh.ini

    C:\WINDOWS\system32\picsfil.dll

    C:\WINDOWS\system32\pskill.exe

    C:\WINDOWS\system32\snetfil.dll

    C:\WINDOWS\system32\srchfrgn.dll

    C:\WINDOWS\system32\srchout.dll

    C:\WINDOWS\system32\vborllce.dll

    ----- BITS: Possible infected sites -----

    hxxp://au.download.windowsupdate.com

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\LEGACY_DOMAINSERVICE

    -------\DomainService

    ((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))

    .

    2008-01-31 17:10 . 2008-01-31 20:18 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3

    2008-01-31 12:34 . 2008-01-31 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

    2008-01-31 12:24 . 2008-01-31 12:24 <DIR> d-------- C:\Program Files\Bonjour

    2008-01-31 11:55 . 2008-01-31 11:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

    2008-01-30 15:12 . 2008-01-30 15:18 <DIR> d-------- C:\WINDOWS\vbSkinner

    2008-01-30 15:12 . 2008-01-30 15:20 <DIR> d-------- C:\Program Files\PFConfig

    2008-01-26 17:47 . 2008-01-26 17:47 <DIR> d-------- C:\Program Files\Cucusoft

    2008-01-26 17:47 . 2008-01-26 19:34 <DIR> d-------- C:\ConverterOutput

    2008-01-19 13:49 . 2008-01-19 14:03 <DIR> d-------- C:\Program Files\01-mp3search

    2008-01-19 11:30 . 2008-01-19 11:30 244 --ah----- C:\sqmnoopt00.sqm

    2008-01-19 11:30 . 2008-01-19 11:30 232 --ah----- C:\sqmdata00.sqm

    2008-01-18 15:55 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe

    2008-01-18 15:54 . 2008-01-18 15:54 <DIR> d-------- C:\Program Files\The Rosetta Stone

    2008-01-15 20:17 . 2008-01-15 20:28 <DIR> d-------- C:\Program Files\SBPaper

    2008-01-15 16:43 . 2008-01-30 20:13 <DIR> d-------- C:\WINDOWS\system32\VIRepair

    2008-01-15 16:43 . 2008-01-15 16:43 <DIR> d-------- C:\Program Files\WinFlip

    2008-01-15 16:43 . 2008-01-15 16:43 <DIR> d-------- C:\Program Files\VisualTooltip

    2008-01-15 16:43 . 2008-01-30 20:18 <DIR> d-------- C:\Program Files\ViStart

    2008-01-15 16:43 . 2008-01-30 19:18 <DIR> d-------- C:\Program Files\Vista Sidebar

    2008-01-15 16:43 . 2008-01-15 16:43 <DIR> d-------- C:\Program Files\ViOrb

    2008-01-15 16:43 . 2008-01-15 16:43 <DIR> d-------- C:\Program Files\TrueTransparency

    2008-01-15 16:43 . 2008-01-15 16:43 <DIR> d-------- C:\Program Files\Styler

    2008-01-15 16:43 . 2008-01-15 16:43 <DIR> d-------- C:\Program Files\LClock

    2008-01-15 16:43 . 2008-01-15 16:43 <DIR> d-------- C:\Documents and Settings\Pete's\Application Data\Styler

    2008-01-15 16:43 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe

    2008-01-15 16:43 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe

    2008-01-15 16:43 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl

    2008-01-15 16:43 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp

    2008-01-15 16:37 . 2008-01-15 16:37 78,942 --a------ C:\WINDOWS\Icon_1.ico

    2008-01-15 16:36 . 2008-01-30 19:34 <DIR> d-------- C:\WINDOWS\system32\VITrans

    2008-01-15 16:36 . 2008-01-15 16:44 <DIR> d-------- C:\VTPFiles

    2008-01-15 16:36 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe

    2008-01-15 16:36 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe

    2008-01-15 16:36 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe

    2008-01-14 20:51 . 2008-01-19 13:56 <DIR> d-------- C:\True Enough Re-loaded

    2008-01-14 18:17 . 2008-01-14 18:17 <DIR> d-------- C:\Vistart

    2008-01-14 14:29 . 2008-01-14 14:46 <DIR> d-------- C:\Documents and Settings\Pete's\Application Data\ViStart

    2008-01-12 15:26 . 2008-01-12 15:26 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

    2008-01-10 16:10 . 2008-01-10 16:10 <DIR> d-------- C:\WINDOWS\system32\Dump

    2008-01-09 20:19 . 2008-01-09 20:19 <DIR> d-------- C:\Program Files\Outspark

    2008-01-07 16:43 . 2008-01-11 15:20 <DIR> d-------- C:\Documents and Settings\Pete's\Builds

    2008-01-06 15:50 . 2008-01-06 17:29 <DIR> d-------- C:\Program Files\RegCure

    2008-01-02 09:54 . 2008-01-03 15:14 <DIR> d-------- C:\Documents and Settings\Pete's\Application Data\Uniblue

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-02-01 21:01 --------- d-----w C:\Documents and Settings\Pete's\Application Data\uTorrent

    2008-01-31 20:24 --------- d-----w C:\Program Files\Common Files\Adobe

    2008-01-30 22:47 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

    2008-01-30 22:47 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

    2008-01-30 00:44 --------- d-----w C:\Program Files\SUPERAntiSpyware

    2008-01-27 03:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

    2008-01-27 03:10 --------- d-----w C:\Program Files\Common Files\FotoNation

    2008-01-23 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-01-23 20:05 --------- d-----w C:\Documents and Settings\Pete's\Application Data\My Games

    2008-01-23 20:04 --------- d-----w C:\Program Files\Real

    2008-01-23 20:02 --------- d-----w C:\Documents and Settings\Pete's\Application Data\InstallShield Installation Information

    2008-01-23 19:57 --------- d-----w C:\Program Files\Microsoft Games

    2008-01-23 19:48 --------- d-----w C:\Program Files\DS Stuff

    2008-01-18 01:24 --------- d-----w C:\Program Files\uTorrent

    2008-01-11 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark

    2008-01-10 03:23 --------- d-----w C:\Program Files\Fiesta

    2008-01-07 01:34 --------- d-----w C:\Program Files\lx_cats

    2007-12-31 22:29 --------- d-----w C:\Program Files\Common Files\DirectX

    2007-12-31 20:32 --------- d-----w C:\Program Files\Azureus

    2007-12-31 03:21 --------- d-----w C:\Program Files\DAP

    2007-12-31 03:16 --------- d-----w C:\Documents and Settings\Pete's\Application Data\Azureus

    2007-12-31 03:13 --------- d-----w C:\Program Files\SpeedOptimizer

    2007-12-31 03:08 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

    2007-12-31 03:05 --------- d-----w C:\Program Files\AskPBar

    2007-12-29 18:54 --------- d-----w C:\Documents and Settings\Pete's\Application Data\Comodo

    2007-12-29 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo

    2007-12-26 08:55 --------- d-----w C:\Program Files\PowerISO

    2007-12-24 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC

    2007-12-24 17:07 --------- d-----w C:\Program Files\Common Files\Stardock

    2007-12-22 23:32 --------- d-----w C:\Documents and Settings\Pete's\Application Data\Realtime Soft

    2007-12-22 19:05 --------- d-----w C:\Program Files\Stardock

    2007-12-22 05:55 --------- d-----w C:\Program Files\Osu!

    2007-12-22 02:40 --------- d-----w C:\Program Files\Sony

    2007-12-22 02:28 --------- d-----w C:\Program Files\Avi2Dvd

    2007-12-20 04:55 --------- d-----w C:\Program Files\M-Audio Uno

    2007-12-20 01:21 --------- d-----w C:\Program Files\VOCALOID

    2007-12-19 00:55 --------- d-----w C:\Program Files\Sony Setup

    2007-12-17 04:03 --------- d-----w C:\Documents and Settings\Pete's\Application Data\Sony

    2007-12-17 03:55 --------- d-----w C:\Program Files\Microsoft SQL Server

    2007-12-17 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony

    2007-12-15 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus

    2007-12-08 04:17 --------- d-----w C:\Program Files\Common Files\Macromedia

    2007-12-08 04:15 --------- d-----w C:\Program Files\Macromedia

    2007-12-08 02:24 --------- d-----w C:\Program Files\IrfanView

    2007-12-08 01:40 --------- d-----w C:\Program Files\Windows Live

    2007-12-08 01:39 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

    2007-12-08 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

    2007-12-04 01:20 --------- d-----w C:\Program Files\StepMania

    2007-12-04 00:26 --------- d-----w C:\Program Files\Game Elements PC Recoil Pad

    2007-12-02 21:21 --------- d-----w C:\Documents and Settings\Pete's\Application Data\DVD Flick

    2007-12-01 18:14 --------- d-----w C:\Program Files\DVD Flick

    2007-12-01 18:03 --------- d-----w C:\Program Files\Wise DVD to MPEG Converter

    2007-12-01 17:39 --------- d-----w C:\Program Files\PowerImage

    2007-11-22 18:38 139,008 ----a-w C:\WINDOWS\system32\guard32.dll

    2007-11-13 22:48 91,078 ----a-w C:\WINDOWS\system32\adwfil.dll

    2007-11-13 22:48 9,796 ----a-w C:\WINDOWS\system32\gnfil.dll

    2007-11-13 22:48 9,634 ----a-w C:\WINDOWS\system32\pkmon.dll

    2007-11-13 22:48 8,652 ----a-w C:\WINDOWS\system32\jbfil.dll

    2007-11-13 22:48 7,778 ----a-w C:\WINDOWS\system32\movfil.dll

    2007-11-13 22:48 7,642 ----a-w C:\WINDOWS\system32\auctfil.dll

    2007-11-13 22:48 6,830 ----a-w C:\WINDOWS\system32\swfil.dll

    2007-11-13 22:48 6,050 ----a-w C:\WINDOWS\system32\wrestfil.dll

    2007-11-13 22:48 5,782 ----a-w C:\WINDOWS\system32\vgamfil.dll

    2007-11-13 22:48 5,180 ----a-w C:\WINDOWS\system32\iawfil.dll

    2007-11-13 22:48 4,442 ----a-w C:\WINDOWS\system32\hatfil.dll

    2007-11-13 22:48 4,162 ----a-w C:\WINDOWS\system32\viofil.dll

    2007-11-13 22:48 3,444 ----a-w C:\WINDOWS\system32\srchin.dll

    2007-11-13 22:48 3,286 ----a-w C:\WINDOWS\system32\lgwfil.dll

    2007-11-13 22:48 22,618 ----a-w C:\WINDOWS\system32\perfil.dll

    2007-11-13 22:48 17,488 ----a-w C:\WINDOWS\system32\nvgamfil.dll

    2007-11-13 22:48 16,802 ----a-w C:\WINDOWS\system32\popfil.dll

    2007-11-13 22:48 157,916 ----a-w C:\WINDOWS\system32\pxyfil.dll

    2007-11-13 22:48 14,712 ----a-w C:\WINDOWS\system32\tafil.dll

    2007-11-13 22:48 13,154 ----a-w C:\WINDOWS\system32\finfil.dll

    2007-11-13 22:48 13,070 ----a-w C:\WINDOWS\system32\gblfil.dll

    2007-11-13 22:48 12,730 ----a-w C:\WINDOWS\system32\psyfil.dll

    2007-11-13 22:48 12,422 ----a-w C:\WINDOWS\system32\entfil.dll

    2007-11-13 22:48 12,266 ----a-w C:\WINDOWS\system32\sporfil.dll

    2007-11-13 22:48 11,338 ----a-w C:\WINDOWS\system32\fmfil.dll

    2007-11-13 22:48 10,906 ----a-w C:\WINDOWS\system32\chtfil.dll

    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

    2007-11-07 02:52 484 ----a-w C:\Program Files\Shortcut to DS Stuff.lnk

    2007-11-07 02:24 631,990 ----a-w C:\WINDOWS\nintendo-ds-lite-pack-crystalxp.net-en-993.zip

    2007-02-27 00:05 48 ----a-w C:\Documents and Settings\Pete's\snesadvance.dat

    2006-08-19 13:32 19,811 ----a-w C:\Documents and Settings\Pete's\DDRLite Converter.exe

    2006-08-06 20:07 54 ----a-w C:\Documents and Settings\Pete's\gamepadcontrols.dat

    2006-01-27 23:56 43,826 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_01_27_05_30_03_small.dmp.zip

    2006-01-27 23:56 41,663 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_01_27_05_29_58_small.dmp.zip

    2005-09-09 02:11 12,421,760 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_09_08_19_05_05.dmp.zip

    2005-08-03 02:33 12,425,219 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_08_02_07_11_41.dmp.zip

    2005-07-16 16:16 12,416,737 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_07_16_09_12_35.dmp.zip

    2005-07-15 22:50 12,419,448 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_07_15_15_43_51.dmp.zip

    2005-07-11 05:11 12,418,259 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_07_10_19_57_02.dmp.zip

    2006-03-26 20:25 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys

    2004-09-26 00:27 56 --sh--r C:\WINDOWS\system32\7ADF967E6C.sys

    2004-09-26 00:27 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    "LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]

    "Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]

    "ScottsPaperManager"="C:\Program Files\SBPaper\paper.exe" [2007-05-25 10:18 935424]

    "ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]

    "ViStart"="C:\Documents and Settings\Pete's\Desktop\Other apps\vistart_2502_english_skin_default\ViStart" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "C2K"="C:\WINDOWS\Cyb2k.exe" [2004-08-03 09:47 2649088]

    "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 12:48 286720]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 02:06 79224]

    "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 06:54 65536]

    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-12-29 11:20 1115728]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-25 18:07 180269]

    C:\Documents and Settings\Pete's\Start Menu\Programs\Startup\

    Thoosje Vista Sidebar.lnk - C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 16:28:57 524288]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-04-27 03:49 200704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-12-21 21:24 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]

    backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Pete's^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]

    backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

    --a------ 2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

    --a------ 2004-11-30 21:10 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]

    --a------ 2004-01-09 01:34 32768 c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2K]

    --a------ 2004-08-03 09:47 2649088 C:\WINDOWS\Cyb2k.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    --a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

    --a------ 2007-12-30 19:08 4576768 C:\Program Files\DAP\DAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

    --a------ 2006-02-07 00:10 98304 C:\Program Files\Lexmark 2400 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

    --a------ 2005-01-12 13:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    --a------ 2005-02-16 22:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

    --a------ 2003-08-21 03:15 483328 C:\WINDOWS\System32\hphmon05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

    --a------ 2003-08-21 03:23 49152 c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

    --a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

    --a------ 2001-10-16 10:10 258118 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    --a------ 2007-07-31 17:44 271672 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

    --a------ 2005-02-02 15:44 61440 C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

    --a------ 2006-06-05 06:06 188416 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    --a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

    --a------ 2004-04-14 12:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

    --a------ 2007-06-21 13:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    --a------ 2007-10-04 18:23 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    --a------ 2004-08-25 18:07 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]

    C:\Program Files\UltraMon\UltraMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

    --a------ 2006-09-07 09:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

    --a------ 2003-08-19 01:01 110592 c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    --a------ 2004-01-15 20:33 49152 C:\WINDOWS\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "WinVNC4"=2 (0x2)

    "EPSONStatusAgent2"=2 (0x2)

    R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-07-06 13:52]

    R2 UnoInstallerService;Uno Installer;C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 01:06]

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]

    R3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-02 22:53]

    S1 rxp;rxp;C:\WINDOWS\system32\drivers\rxp.sys []

    S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys []

    S3 pnicml;pnicml;C:\DOCUME~1\Owner\LOCALS~1\Temp\pnicml.sys []

    S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2006-01-07 12:09]

    S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-06-22 10:15]

    S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []

    S3 XDva075;XDva075;C:\WINDOWS\system32\XDva075.sys []

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-01-26 05:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    "2008-02-01 21:36:15 C:\WINDOWS\Tasks\RegCure Program Check.job"

    - C:\Program Files\RegCure\RegCure.exe

    "2008-01-29 01:00:00 C:\WINDOWS\Tasks\RegCure.job"

    - C:\Program Files\RegCure\RegCure.exe

    "2008-01-23 23:09:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

    "2008-01-02 17:54:20 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-02-01 14:02:29

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-02-01 14:03:51

    ComboFix-quarantined-files.txt 2008-02-01 22:03:24

    .

    2008-01-10 02:47:26 --- E O F ---

  2. ugh,

    I didn't run ComboFix, so I did just now. After it restarted and finished, I couldn't connect to the internet, and I have no backups in my System Restore. Here's the log I got, though.

    ComboFix 08-02.01.6 - Pete's 2008-02-01 12:14:25.3 - NTFSx86 NETWORK

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1203 [GMT -8:00]

    Running from: C:\Documents and Settings\Pete's\Desktop\ComboFix.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\check_LSA7.txt

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    C:\WINDOWS\b103.exe.bin

    C:\WINDOWS\b136.exe.bin

    C:\WINDOWS\system32\aduttakp.exe

    C:\WINDOWS\system32\awturqo.dll

    C:\WINDOWS\system32\bnrfil.dll

    C:\WINDOWS\system32\bsnlst.dll

    C:\WINDOWS\system32\ecllrobv.ini

    C:\WINDOWS\system32\evbgpwcl.dll

    C:\WINDOWS\system32\hgjlm.bak1

    C:\WINDOWS\system32\hgjlm.bak2

    C:\WINDOWS\system32\hgjlm.ini

    C:\WINDOWS\system32\igefil.dll

    C:\WINDOWS\system32\kvkefcjf.dll

    C:\WINDOWS\system32\lastupdate.dll

    C:\WINDOWS\system32\macfil.dll

    C:\WINDOWS\system32\mcrh.tmp

    C:\WINDOWS\system32\mljgh.dll

    C:\WINDOWS\system32\mp3fil.dll

    C:\WINDOWS\system32\nfil.dll

    C:\WINDOWS\system32\opatlfkh.ini

    C:\WINDOWS\system32\picsfil.dll

    C:\WINDOWS\system32\pskill.exe

    C:\WINDOWS\system32\snetfil.dll

    C:\WINDOWS\system32\srchfrgn.dll

    C:\WINDOWS\system32\srchout.dll

    C:\WINDOWS\system32\vborllce.dll

    ----- BITS: Possible infected sites -----

    hxxp://au.download.windowsupdate.com

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\LEGACY_DOMAINSERVICE

    -------\DomainService

    ((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))

    .

  3. VundoFix V6.5.6

    Checking Java version...

    Java version is 1.4.2.3

    Old versions of java are exploitable and should be removed.

    Scan started at 3:38:25 PM 7/25/2007

    Listing files found while scanning....

    No infected files were found.

    VundoFix V6.5.9

    Checking Java version...

    Java version is 1.4.2.3

    Old versions of java are exploitable and should be removed.

    Scan started at 5:27:42 PM 10/3/2007

    Listing files found while scanning....


    C:\windows\system32\vjudqvuk.ini

    C:\windows\system32\vkmjricn.ini

    C:\windows\system32\vliwwulp.ini

    C:\windows\system32\vlosmekl.ini

    C:\windows\system32\vxplhypd.ini

    C:\windows\system32\vybqvmje.ini

    C:\windows\system32\wcdwlqas.dll

    C:\windows\system32\weoupfid.ini

    C:\windows\system32\wktmphjk.ini

    C:\windows\system32\wqysqnib.ini

    C:\windows\system32\wxuorxgx.dll

    C:\windows\system32\wytgnygy.ini

    C:\windows\system32\xaajjjxp.ini

    C:\windows\system32\xamiqqcu.dll

    C:\windows\system32\xeioqxcf.dll

    C:\windows\system32\xgxrouxw.ini

    C:\windows\system32\xhosxbme.dll

    C:\windows\system32\xixaping.ini

    C:\windows\system32\xjbppeqj.ini

    C:\windows\system32\xlenlgjm.dll

    C:\windows\system32\xmcnmmmx.ini

    C:\windows\system32\xmmmncmx.dll

    C:\windows\system32\xsmfawej.dll

    C:\WINDOWS\system32\xxyyywt.dll

    C:\windows\system32\xyfjvree.ini

    C:\windows\system32\yfpiqyqu.dll

    C:\windows\system32\ygyngtyw.dll

    C:\windows\system32\yplmgpcd.ini

    C:\windows\system32\yportahn.dll

    Beginning removal...

    Performing Repairs to the registry.

    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awvtr.dll

    C:\WINDOWS\system32\awvtr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lubphvcu.dll

    C:\WINDOWS\system32\lubphvcu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nbytahug.dll

    C:\WINDOWS\system32\nbytahug.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtvwa.ini

    C:\WINDOWS\system32\rtvwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyyywt.dll

    C:\WINDOWS\system32\xxyyywt.dll Could not be deleted.

    Performing Repairs to the registry.

    Done!

    VundoFix V6.5.9

    Checking Java version...

    Java version is 1.4.2.3

    Old versions of java are exploitable and should be removed.

    Scan started at 6:44:09 PM 10/4/2007

    Listing files found while scanning....

    C:\windows\system32\xxyyywt.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\xxyyywt.dll

    C:\windows\system32\xxyyywt.dll Has been deleted!

    Performing Repairs to the registry.

    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3

    Old versions of java are exploitable and should be removed.

    Scan started at 1:16:32 PM 1/31/2008

    Listing files found while scanning....

    No infected files were found.

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3

    Old versions of java are exploitable and should be removed.

    Scan started at 6:39:55 PM 1/31/2008

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...

  4. Here's the log

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 4:10:44 PM, on 1/31/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Comodo\Firewall\cmdagent.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\M-Audio Uno\UnoInst.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\Cyb2k.exe

    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Comodo\Firewall\CPF.exe

    C:\WINDOWS\system32\lxcrcoms.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\LClock\LClock.exe

    C:\Program Files\SBPaper\paper.exe

    C:\Documents and Settings\Pete's\Desktop\Other apps\vistart_2502_english_skin_default\ViStart.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\system32\aduttakp.exe

    C:\Program Files\uTorrent\uTorrent.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\HJT\HJTInstall.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - (no file)

    O2 - BHO: (no name) - {39195EDC-FA72-4393-BF58-A7DB2AA9A1CE} - C:\WINDOWS\system32\mljgh.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\awturqo.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O2 - BHO: {059d3106-4d15-a8ca-cee4-69e597e6ccfe} - {efcc6e79-5e96-4eec-ac8a-51d46013d950} - C:\WINDOWS\system32\kvkefcjf.dll

    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [40408b53] rundll32.exe "C:\WINDOWS\system32\hkfltapo.dll",b

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

    O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe

    O4 - HKCU\..\Run: [scottsPaperManager] "C:\Program Files\SBPaper\paper.exe" -autominimize

    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe

    O4 - HKCU\..\Run: [ViStart] C:\Documents and Settings\Pete's\Desktop\Other apps\vistart_2502_english_skin_default\ViStart

    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')

    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')

    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

    O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Vista Sidebar\Thoosje Vista Sidebar.exe

    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: *.stumbleupon.com

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

    O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - AppInit_DLLs: wbsys.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: awturqo - C:\WINDOWS\SYSTEM32\awturqo.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    O23 - Service: DomainService - - C:\WINDOWS\system32\aduttakp.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

    O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --

    End of file - 12290 bytes

  5. And here's the extra.txt

    Deckard's System Scanner v20070905.67

    Extra logfile - please post this as an attachment with your post.

    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0

    Architecture: X86; Language: English

    CPU 0: AMD Athlon XP 3200+

    Percentage of Memory in Use: 73%

    Physical Memory (total/avail): 511.48 MiB / 136.72 MiB

    Pagefile Memory (total/avail): 1151.71 MiB / 718.46 MiB

    Virtual Memory (total/avail): 2047.88 MiB / 1955.61 MiB

    C: is Fixed (NTFS) - 144.25 GiB total, 82.34 GiB free.

    D: is Fixed (FAT32) - 4.79 GiB total, 0.62 GiB free.

    E: is CDROM (No Media)

    F: is CDROM (CDFS)

    H: is Removable (No Media)

    I: is Removable (No Media)

    J: is Removable (No Media)

    K: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions

    \PARTITION0 - Unknown - 4.79 GiB - D:

    \PARTITION1 (bootable) - Installable File System - 144.25 GiB - C:

    \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

    \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

    \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

    \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.

    Windows Internal Firewall is disabled.

    FW: COMODO Firewall Pro v2.3.035 (COMODO)

    AV: avast! antivirus 4.7.1043 [VPS 000780-2] v4.7.1043 (ALWIL Software)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users

    APPDATA=C:\Documents and Settings\Pete's\Application Data

    CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

    COLLECTIONID=COL8143

    CommonProgramFiles=C:\Program Files\Common Files

    COMPUTERNAME=SHADOW

    ComSpec=C:\WINDOWS\system32\cmd.exe

    FP_NO_HOST_CHECK=NO

    HMSERVER=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet

    HOMEDRIVE=C:

    HOMEPATH=\Documents and Settings\Pete's

    ITEMID=dj-22741-6

    LANG=1033

    LOGONSERVER=\\SHADOW

    NUMBER_OF_PROCESSORS=1

    OS=Windows_NT

    OSVER=winXPH

    PAPATH=c:/devkitPro/PAlib/

    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem

    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    PROCESSOR_ARCHITECTURE=x86

    PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD

    PROCESSOR_LEVEL=6

    PROCESSOR_REVISION=0a00

    ProgramFiles=C:\Program Files

    PROMPT=$P$G

    QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

    SESSIONID=1098426280950wuws04-l1e1be92:ffbf4e2f8a:3c80

    SESSIONNAME=Console

    SWUTVER=1.0.22.20030804

    SystemDrive=C:

    SystemRoot=C:\WINDOWS

    TEMP=C:\DOCUME~1\Pete's\LOCALS~1\Temp

    TIMEOUT=0

    TMP=C:\DOCUME~1\Pete's\LOCALS~1\Temp

    TOOLPATH=/c:\Program%20Files\HP\HP%20Software%20Update\install.htm

    UPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad0131D.tmp

    USERDOMAIN=SHADOW

    USERNAME=Pete's

    USERPROFILE=C:\Documents and Settings\Pete's

    VERSION=3.0.2.97

    windir=C:\WINDOWS

    __COMPAT_LAYER=EnableNXShowUI

    -- User Profiles ---------------------------------------------------------------

    Owner (admin)

    Pete's (admin)

    Kid (new local, admin)

    Administrator (admin)

    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

    --> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

    --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"

    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"

    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"

    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"

    Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}

    Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"

    Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

    Adobe ActiveShare 1.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\ActiveShare\Uninst.isu"

    Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe

    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe PhotoDeluxe Home Edition 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PhotoDeluxe Home Edition 4.0\Uninst.isu"

    Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}

    Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}

    Agere Systems PCI Soft Modem --> agrsmdel

    Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}

    Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}

    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

    ATI DVD Decoder 2.2.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{45D228AA-4284-467A-9DB6-942B92BFF656} /l1033

    ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"

    ATI Multimedia Center 8.6.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB} /l1033

    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

    AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"

    Black & White® 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly

    Civilization III --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}

    COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln

    Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"

    DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}

    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

    DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

    Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u

    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r

    GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}

    Ghost Recon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}\Setup.exe"

    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

    HijackThis 1.99.1 --> C:\Documents and Settings\Pete's\My Documents\highjackthis\HijackThis.exe /uninstall

    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

    How To Master Excel 2000 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Uninst.isu

    HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

    HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat

    HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG

    HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat

    HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat

    HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

    HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

    HPIZ350 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}

    Impossible Creatures 1.0.1 --> MsiExec.exe /X{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}

    Ink Monitor --> C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U

    InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL

    InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL

    iPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033

    ips XP 1.11.2600 --> "C:\Program Files\ipsXP\unins000.exe"

    ips XP 1.11.2600 --> "C:\Program Files\ipsXP\unins000.exe"

    ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}

    iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}

    Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

    Kazaa Lite K++ v2.4.3 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"

    Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe

    Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"

    Lords of the Realm III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C1EAF33-82AD-4A63-B56D-4739172714DF}\Setup.exe" -l0x9

    Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG

    Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}

    Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}

    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf

    Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}

    Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}

    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}

    Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}

    Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall

    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

    Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}

    Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

    MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

    Need For Speed Hot Pursuit 2 --> C:\Program Files\EA Games\Need For Speed Hot Pursuit 2\EAUninstall.exe

    Nintendo DS - GBA Max Drive --> "C:\Program Files\Datel\Nintendo DS - GBA Max Drive\unins000.exe"

    Norton Internet Security --> MsiExec.exe /I{88770EA7-9E8F-483C-ADDB-5F633691C036}

    Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"

    Otto from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"

    Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"

    overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}

    Paint.NET v3.08 --> MsiExec.exe /X{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}

    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan

    PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"

    Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat

    Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"

    Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG

    Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

    PS2 --> C:\WINDOWS\system32\ps2.exe uninstall

    QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

    Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}

    Riva Producer Lite --> "C:\Program Files\Riva\Riva Producer Lite\unins000.exe"

    Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log

    Roller Coaster Tycoon --> C:\PROGRA~1\INFOGR~2\ROLLER~1\UNWISE.EXE C:\PROGRA~1\INFOGR~2\ROLLER~1\INSTALL.LOG

    RollerCoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9

    S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'

    S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'

    S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'

    S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'

    SC Ver 2.60 --> "C:\Program Files\SC\unins000.exe"

    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

    Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

    Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly

    Sid Meier's Pirates! --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033

    Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"

    Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}

    Sony ACID Music Studio 6.0b --> MsiExec.exe /X{D4A823CA-D124-456E-9A98-71544A928897}

    SpongeBob SquarePants - The Movie --> RunDll32 C:\DOCUME~1\Pete's\APPLIC~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\Pete's\Application Data\InstallShield Installation Information\{B98D958E-9E59-43B7-B47F-043D45D73EE6}\setup.exe" -l0x9 -uninst

    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"

    Street Atlas USA Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3409AD65-7A2A-46D4-8F07-DB1508B9158D}\setup.exe" NoMode

    StumbleUpon IE Toolbar --> C:\Program Files\StumbleUpon\uninstall.exe

    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

    The Battle for Middle-earth --> C:\Program Files\EA GAMES\The Battle for Middle-earth \EAUninstall.exe

    The Hobbit --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{023FFB0A-C5DB-4930-B3E4-D48266C21738}

    Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exe

    Tradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"

    TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}

    UniChrome IGP Driver and Utilities --> C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns

    Uno --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8E28912-A7B8-488C-B259-33F9014B9D09}\setup.exe" -l0x9

    Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903

    VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

    Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k

    VOCALOID Editor V1.1.1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}\setup.exe" -l0x9

    VOCALOID Expression DB (Miriam) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44F77FBE-828D-4B04-A02B-C70426F65C86}\setup.exe" -l0x9

    VOCALOID Expression DB (Standard) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B89EB0D-68C3-4E5D-A705-CD8D37DABF50}\setup.exe" -l0x9

    VOCALOID SKIN (Zero-G MIRIAM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BBB3758-6759-4086-835B-1D665DBE979F}\setup.exe" -l0x9

    VOCALOID Voice DB (Miriam) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{146303B2-EA46-4BFB-8054-FC75A0D0088B}\setup.exe" -l0x9

    VOCALOID VSTi V1.1.1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAC611DA-E445-4D7A-8311-7389C627FA32}\setup.exe" -l0x9

    VOCALOID2 Editor V2.0.2.4J --> C:\Program Files\InstallShield Installation Information\{F1C1C21B-F56E-400B-B0B0-270D817889F3}\setup.exe -runfromtemp -l0x0009 -removeonly

    VOCALOID2 Expression DB (Standard) --> C:\Program Files\InstallShield Installation Information\{B6588186-9657-486C-AEB1-F57D8E160F19}\setup.exe -runfromtemp -l0x0009 -removeonly

    VOCALOID2 Voice DB (Miku) --> C:\Program Files\InstallShield Installation Information\{B4342A07-E2C7-4A8B-9145-CBDEE750BCE3}\setup.exe -runfromtemp -l0x0009 -removeonly

    VOCALOID2 VSTi V2.0.2.0 --> C:\Program Files\InstallShield Installation Information\{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}\setup.exe -runfromtemp -l0x0009 -removeonly

    Where Am I Dataset --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A202CE5-2F2C-484F-B43E-523943D68E68}\setup.exe" NoMode

    Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}

    Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}

    Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

    Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

    Word Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe"

    Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall

    Zoo Tycoon 2 Patch --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTPA.EXE" /runtemp /uninstall

    -- Application Event Log -------------------------------------------------------

    Event Record #/Type13141 / Error

    Event Submitted/Written: 10/13/2007 11:29:28 AM

    Event ID/Source: 5 / CYBERsitter

    Event Description:

    Exception Error - GETCIP [11004] Valid name, no data record of requested type

    Event Record #/Type13140 / Error

    Event Submitted/Written: 10/13/2007 11:28:43 AM

    Event ID/Source: 5 / CYBERsitter

    Event Description:

    Exception Error - GETCIP [11004] Valid name, no data record of requested type

    Event Record #/Type13139 / Error

    Event Submitted/Written: 10/13/2007 11:27:28 AM

    Event ID/Source: 5 / CYBERsitter

    Event Description:

    Exception Error - GETCIP [11004] Valid name, no data record of requested type

    Event Record #/Type13138 / Error

    Event Submitted/Written: 10/13/2007 11:26:29 AM

    Event ID/Source: 5 / CYBERsitter

    Event Description:

    Exception Error - GETCIP [11004] Valid name, no data record of requested type

    Event Record #/Type13137 / Error

    Event Submitted/Written: 10/13/2007 11:25:30 AM

    Event ID/Source: 5 / CYBERsitter

    Event Description:

    Exception Error - GETCIP [11004] Valid name, no data record of requested type

    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.

    -- System Event Log ------------------------------------------------------------

    Event Record #/Type16918 / Error

    Event Submitted/Written: 10/13/2007 10:30:11 AM

    Event ID/Source: 7034 / Service Control Manager

    Event Description:

    The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).

    Event Record #/Type16888 / Error

    Event Submitted/Written: 10/13/2007 08:58:27 AM

    Event ID/Source: 7026 / Service Control Manager

    Event Description:

    The following boot-start or system-start driver(s) failed to load:

    rxp

    Event Record #/Type16859 / Error

    Event Submitted/Written: 10/12/2007 05:35:50 PM

    Event ID/Source: 7026 / Service Control Manager

    Event Description:

    The following boot-start or system-start driver(s) failed to load:

    rxp

    Event Record #/Type16821 / Error

    Event Submitted/Written: 10/12/2007 03:23:46 PM

    Event ID/Source: 7026 / Service Control Manager

    Event Description:

    The following boot-start or system-start driver(s) failed to load:

    rxp

    Event Record #/Type16788 / Error

    Event Submitted/Written: 10/11/2007 05:20:15 PM

    Event ID/Source: 7026 / Service Control Manager

    Event Description:

    The following boot-start or system-start driver(s) failed to load:

    rxp

    -- End of Deckard's System Scanner: finished at 2007-10-13 11:31:32 ------------

  6. Okay, here's the main.txt

    Deckard's System Scanner v20070905.67

    Run by Pete's on 2007-10-13 11:25:41

    Computer is in Normal Mode.

    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --

    145: 2007-10-13 18:25:59 UTC - RP250 - Deckard's System Scanner Restore Point

    144: 2007-10-13 16:37:44 UTC - RP249 - System Checkpoint

    143: 2007-10-12 02:21:52 UTC - RP248 - System Checkpoint

    142: 2007-10-11 00:35:59 UTC - RP247 - ComboFix created restore point

    141: 2007-10-10 03:39:54 UTC - RP246 - Software Distribution Service 3.0

    -- First Restore Point --

    1: 2007-07-13 20:22:18 UTC - RP106 - System Checkpoint

    Performed disk cleanup.

    -- HijackThis (run as Pete's.exe) ----------------------------------------------

    Unable to find log (file not found); running clone.

    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1

    Scan saved at 2007-10-13 11:26:13

    Platform: Windows XP Service Pack 2 (5.01.2600)

    MSIE: Internet Explorer (7.00.6000.16544)

    Running processes:

    C:\WINDOWS\system32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\Comodo\Firewall\cmdagent.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\M-Audio Uno\UnoInst.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\WINDOWS\system32\ati2evxx.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system\hpsysdrv.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\system32\hphmon05.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\hp\KBD\kbd.exe

    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

    C:\Program Files\Lexmark 2400 Series\ezprint.exe

    C:\WINDOWS\system32\lxcrcoms.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\Cyb2k.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\Alwil Software\Avast4\ashDisp.exe

    C:\Program Files\Comodo\Firewall\cpf.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Documents and Settings\Pete's\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: (no name) - - (no file)

    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll

    O4 - HKEY_LOCAL_MACHINE\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKEY_LOCAL_MACHINE\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKEY_LOCAL_MACHINE\..\Run: [VTTimer] VTTimer.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKEY_LOCAL_MACHINE\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

    O4 - HKEY_LOCAL_MACHINE\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

    O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKEY_LOCAL_MACHINE\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKEY_LOCAL_MACHINE\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

    O4 - HKEY_LOCAL_MACHINE\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

    O9 - Extra 'Tools' menuitem: (no name) - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O15 - Trusted Zone: *.stumbleupon.com (HKCU)

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"

    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"

    -- HijackThis Fixed Entries (C:\DOCUME~1\Pete's\MYDOCU~1\HIGHJA~1\backups\) ----

    backup-20070726-153724-152 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    backup-20070726-153724-372 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    backup-20070726-153724-455 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    backup-20071006-101222-293 O2 - BHO: (no name) - {B62F5B2F-FB3C-45BC-97BF-9EBE1A61AED4} - C:\WINDOWS\system32\awvtr.dll (file missing)

    backup-20071006-101222-426 O4 - Startup: PowerReg Scheduler V3.exe

    backup-20071006-101222-521 O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

    backup-20071006-101222-647 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinqmds.exe CHD003

    backup-20071006-101222-823 O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinqmds.exe

    backup-20071006-101223-307 O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

    -- File Associations -----------------------------------------------------------

    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys

    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys

    R3 dsreader (MaxDrive Driver (dsreader.sys)) - c:\windows\system32\drivers\dsreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>

    R3 Eplpdx02 - c:\windows\system32\drivers\eplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>

    R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

    R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

    S1 rxp - c:\windows\system32\drivers\rxp.sys (file missing)

    S3 catchme - c:\docume~1\pete's\locals~1\temp\catchme.sys (file missing)

    S3 EVOLUSB (%EVOL_USB_SvcDesc%) - c:\windows\system32\drivers\evolusb.sys <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface>

    S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>

    S3 pnicml - c:\docume~1\owner\locals~1\temp\pnicml.sys (file missing)

    S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>

    S3 samhid - c:\windows\system32\drivers\samhid.sys (file missing)

    S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

    R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>

    R2 UnoInstallerService (Uno Installer) - c:\program files\m-audio uno\unoinst.exe <Not Verified; ; EvoUno USB Installer Service>

    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

    Description: 1394 Net Adapter

    Device ID: V1394\NIC1394\78232CE01800

    Manufacturer: Microsoft

    Name: 1394 Net Adapter

    PNP Device ID: V1394\NIC1394\78232CE01800

    Service: NIC1394

    -- Process Modules -------------------------------------------------------------

    C:\WINDOWS\system32\winlogon.exe (pid 828)

    2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

    2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

    C:\WINDOWS\system32\svchost.exe (pid 1048)

    2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

    C:\WINDOWS\system32\svchost.exe (pid 1172)

    2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

    2006-06-26 10:37:10 148480 --a------ C:\WINDOWS\system32\dnsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

    2001-03-11 16:01:42 159744 --a------ C:\WINDOWS\system32\lspcs.dll <Not Verified; Solid Oak; internet filter>

    2006-06-26 10:37:10 8192 --a------ C:\WINDOWS\system32\rasadhlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

    C:\WINDOWS\system32\svchost.exe (pid 616)

    2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

    C:\WINDOWS\explorer.exe (pid 3320)

    2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

    2007-07-31 18:44:42 43008 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll <Not Verified; Apple Inc.; iTunes>

    2007-07-31 18:44:42 129536 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll <Not Verified; Apple Inc.; iTunes>

    -- :: 0 --------- C:\DOCUME~1\Pete's\LOCALS~1\Temp\IadHide4.dll

    2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>

    2005-09-23 08:28:50 9216 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>

    2007-04-13 03:21:12 5634048 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>

    -- Scheduled Tasks -------------------------------------------------------------

    2007-09-07 21:40:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    -- Files created between 2007-09-13 and 2007-10-13 -----------------------------

    2007-10-08 18:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

    2007-10-08 18:25:05 0 d-------- C:\Program Files\SUPERAntiSpyware

    2007-10-08 18:25:05 0 d-------- C:\Documents and Settings\Pete's\Application Data\SUPERAntiSpyware.com

    2007-10-08 10:38:38 0 d-------- C:\Documents and Settings\Pete's\DoctorWeb

    2007-10-07 21:20:08 0 d-------- C:\Documents and Settings\Pete's\Application Data\WinRAR

    2007-10-07 17:20:13 0 d-------- C:\Program Files\Rocket Division Software

    2007-10-07 15:43:27 0 d-------- C:\Program Files\SpywareBlaster

    2007-10-07 15:43:27 0 d-------- C:\Program Files\Panicware

    2007-10-07 15:43:14 0 d-------- C:\Program Files\Lionhead Studios

    2007-10-07 15:42:59 0 d-------- C:\Program Files\EA Games

    2007-10-07 15:42:49 0 d-------- C:\Documents and Settings\Pete's\Application Data\Microsoft Games

    2007-10-07 15:42:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games

    2007-10-07 15:41:03 0 d-------- C:\Program Files\Hasbro Interactive

    2007-10-07 15:40:59 0 d-------- C:\Program Files\Game_Maker6

    2007-10-07 15:40:59 0 d-------- C:\Program Files\eMule

    2007-10-07 15:40:59 0 d-------- C:\Program Files\ASUS

    2007-10-07 15:40:56 0 d-------- C:\Starcraft

    2007-10-07 15:40:56 0 d-------- C:\Program Files\Clever Batch Image Converter

    2007-10-07 15:40:56 0 d-------- C:\Program Files\BitComet

    2007-10-07 15:40:56 0 d-------- C:\Program Files\BatchDPG

    2007-10-07 10:57:02 0 d-------- C:\Program Files\R4 Commander

    2007-10-05 19:13:19 0 d-------- C:\Documents and Settings\Pete's\Application Data\Comodo

    2007-10-05 19:13:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo

    2007-10-05 19:09:21 0 d-------- C:\Program Files\Comodo

    2007-10-05 15:50:12 0 d-------- C:\Program Files\Alwil Software

    2007-10-04 18:46:47 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>

    2007-10-03 19:00:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google

    2007-09-29 19:54:32 0 d-------- C:\New Folder

    2007-09-29 14:16:33 0 d-------- C:\Program Files\VOCALOID2

    2007-09-29 14:13:28 200704 --a------ C:\WINDOWS\system32\libguide40.dll <Not Verified; Intel Corporation; Guide Run-time Library>

    2007-09-29 14:13:28 4874240 --a------ C:\WINDOWS\system32\DSE2_DFT.dll

    2007-09-28 15:44:38 0 d-------- C:\Program Files\Steinberg

    2007-09-28 15:20:25 0 d-------- C:\Program Files\VOCALOID

    2007-09-20 20:46:18 0 d-------- C:\Program Files\Windows Media Connect 2

    2007-09-20 20:41:12 0 d-------- C:\WINDOWS\system32\drivers\UMDF

    -- Find3M Report ---------------------------------------------------------------

    2007-10-11 18:09:00 0 d-------- C:\Program Files\M-Audio Uno

    2007-10-11 18:08:53 0 d-------- C:\Program Files\iTunes

    2007-10-11 18:08:43 0 d-------- C:\Program Files\Lexmark 2400 Series

    2007-10-11 18:08:23 0 d-------- C:\Program Files\Messenger

    2007-10-11 18:08:11 0 d-------- C:\Program Files\Lexmark Toolbar

    2007-10-11 18:08:11 0 d-------- C:\Program Files\Google

    2007-10-11 18:08:10 0 d-------- C:\Program Files\StumbleUpon

    2007-10-08 18:24:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2007-10-08 12:28:02 0 d-------- C:\Program Files\Project64 1.6

    2007-10-07 15:47:31 0 d-------- C:\Program Files\lx_cats

    2007-10-07 15:45:21 0 d-------- C:\Documents and Settings\Pete's\Application Data\InstallShield Installation Information

    2007-10-07 15:40:48 0 d--h----- C:\Program Files\InstallShield Installation Information

    2007-10-07 10:14:21 0 d-------- C:\Program Files\Microsoft Games

    2007-10-07 10:09:39 0 d-------- C:\Documents and Settings\Pete's\Application Data\My Battle for Middle-earth Files

    2007-10-07 00:33:17 0 d-------- C:\Program Files\MAIET

    2007-10-07 00:33:06 0 d-------- C:\Program Files\Line Adventures

    2007-10-07 00:27:07 0 d-------- C:\Program Files\UltraISO

    2007-10-07 00:26:46 0 d-------- C:\Program Files\TurboTax

    2007-10-07 00:26:40 0 d-------- C:\Program Files\Common Files

    2007-10-07 00:26:17 0 d-------- C:\Program Files\Total Video Converter

    2007-10-07 00:23:09 0 d-------- C:\Program Files\Datel

    2007-10-07 00:22:47 0 d-------- C:\Program Files\Lenogo iPod to PC Transfer

    2007-10-07 00:19:44 0 d-------- C:\Documents and Settings\Pete's\Application Data\Google

    2007-10-07 00:16:56 0 d-------- C:\Program Files\DarwiniaDemo2

    2007-10-07 00:16:14 0 d-------- C:\Documents and Settings\Pete's\Application Data\Dev-Cpp

    2007-10-07 00:15:29 0 d-------- C:\Program Files\AviSynth 2.5

    2007-10-05 15:10:39 28 --a------ C:\WINDOWS\liccyval.dat

    2007-10-04 20:04:22 0 d-------- C:\Program Files\Java

    2007-09-30 16:32:37 0 d-------- C:\Documents and Settings\Pete's\Application Data\NetMedia Providers

    2007-09-29 13:36:15 0 d-------- C:\Documents and Settings\Pete's\Application Data\InstallShield

    2007-09-29 11:13:44 0 d-------- C:\Documents and Settings\Pete's\Application Data\uTorrent

    2007-09-29 10:37:38 0 d-------- C:\Program Files\MagicISO

    2007-09-28 15:52:58 2246 --a------ C:\WINDOWS\system32\wzfil.dll

    2007-09-28 15:52:56 6050 --a------ C:\WINDOWS\system32\wrestfil.dll

    2007-09-28 15:52:56 4162 --a------ C:\WINDOWS\system32\viofil.dll

    2007-09-28 15:52:56 5782 --a------ C:\WINDOWS\system32\vgamfil.dll

    2007-09-28 15:52:56 1656 --a------ C:\WINDOWS\system32\tapfil.dll

    2007-09-28 15:52:56 14712 --a------ C:\WINDOWS\system32\tafil.dll

    2007-09-28 15:52:56 6830 --a------ C:\WINDOWS\system32\swfil.dll

    2007-09-28 15:52:56 258 --a------ C:\WINDOWS\system32\srchout.dll

    2007-09-28 15:52:56 3444 --a------ C:\WINDOWS\system32\srchin.dll

    2007-09-28 15:52:56 540 --a------ C:\WINDOWS\system32\srchfrgn.dll

    2007-09-28 15:52:56 12266 --a------ C:\WINDOWS\system32\sporfil.dll

    2007-09-28 15:52:56 724 --a------ C:\WINDOWS\system32\spmfil.dll

    2007-09-28 15:52:56 592 --a------ C:\WINDOWS\system32\snetfil.dll

    2007-09-28 15:52:54 157916 --a------ C:\WINDOWS\system32\pxyfil.dll

    2007-09-28 15:52:54 12730 --a------ C:\WINDOWS\system32\psyfil.dll

    2007-09-28 15:52:54 16802 --a------ C:\WINDOWS\system32\popfil.dll

    2007-09-28 15:52:54 9634 --a------ C:\WINDOWS\system32\pkmon.dll

    2007-09-28 15:52:54 306 --a------ C:\WINDOWS\system32\picsfil.dll

    2007-09-28 15:52:54 22618 --a------ C:\WINDOWS\system32\perfil.dll

    2007-09-28 15:52:52 17488 --a------ C:\WINDOWS\system32\nvgamfil.dll

    2007-09-28 15:52:52 116 --a------ C:\WINDOWS\system32\nfil.dll

    2007-09-28 15:52:52 670 --a------ C:\WINDOWS\system32\mp3fil.dll

    2007-09-28 15:52:52 7778 --a------ C:\WINDOWS\system32\movfil.dll

    2007-09-28 15:52:52 34 --a------ C:\WINDOWS\system32\macfil.dll

    2007-09-28 15:52:52 3286 --a------ C:\WINDOWS\system32\lgwfil.dll

    2007-09-28 15:52:52 18 --a------ C:\WINDOWS\system32\lastupdate.dll

    2007-09-28 15:52:52 8652 --a------ C:\WINDOWS\system32\jbfil.dll

    2007-09-28 15:52:52 1100 --a------ C:\WINDOWS\system32\imgfil.dll

    2007-09-28 15:52:52 194 --a------ C:\WINDOWS\system32\igefil.dll

    2007-09-28 15:52:52 5180 --a------ C:\WINDOWS\system32\iawfil.dll

    2007-09-28 15:52:52 4442 --a------ C:\WINDOWS\system32\hatfil.dll

    2007-09-28 15:52:52 9796 --a------ C:\WINDOWS\system32\gnfil.dll

    2007-09-28 15:52:50 1482 --a------ C:\WINDOWS\system32\gdwfil.dll

    2007-09-28 15:52:50 13070 --a------ C:\WINDOWS\system32\gblfil.dll

    2007-09-28 15:52:50 1816 --a------ C:\WINDOWS\system32\fshrfil.dll

    2007-09-28 15:52:50 11338 --a------ C:\WINDOWS\system32\fmfil.dll

    2007-09-28 15:52:50 13154 --a------ C:\WINDOWS\system32\finfil.dll

    2007-09-28 15:52:50 12422 --a------ C:\WINDOWS\system32\entfil.dll

    2007-09-28 15:52:50 1830 --a------ C:\WINDOWS\system32\cultfil.dll

    2007-09-28 15:52:50 1790 --a------ C:\WINDOWS\system32\csnews.dll

    2007-09-28 15:52:50 10906 --a------ C:\WINDOWS\system32\chtfil.dll

    2007-09-28 15:52:50 400 --a------ C:\WINDOWS\system32\bsnlst.dll

    2007-09-28 15:52:50 100 --a------ C:\WINDOWS\system32\bnrfil.dll

    2007-09-28 15:52:48 7642 --a------ C:\WINDOWS\system32\auctfil.dll

    2007-09-28 15:52:48 88076 --a------ C:\WINDOWS\system32\adwfil.dll

    2007-09-17 16:11:43 0 d-------- C:\Program Files\Common Files\InstallShield

    2007-08-27 15:45:35 0 d-------- C:\Program Files\Real

    2007-08-27 15:44:12 0 d-------- C:\Program Files\Windows Live

    2007-08-24 18:40:38 0 d-------- C:\Program Files\HP

    2007-08-24 16:52:11 0 d-------- C:\Documents and Settings\Pete's\Application Data\Macromedia

    2007-08-20 12:50:18 0 d-------- C:\Program Files\Accursed Toys

    2007-08-19 15:54:07 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

    2007-08-17 10:50:28 3648 --a------ C:\WINDOWS\system32\giisjvor.dll

    2007-08-14 13:56:50 0 d-------- C:\Program Files\LimeWire

    2007-08-13 19:02:00 0 d-------- C:\Program Files\iPod

    2007-08-13 18:02:08 0 d-------- C:\Program Files\QuickTime

    2007-08-13 18:00:19 0 d-------- C:\Program Files\Apple Software Update

    2007-08-13 17:59:42 0 d-------- C:\Program Files\Common Files\Apple

    2007-07-25 21:26:12 22907904 --a------ C:\ledbackground

    2007-07-24 17:44:42 23 --a------ C:\Documents and Settings\Pete's\Application Data\Download.url

    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]

    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/12/2005 02:54 PM]

    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 04:23 AM]

    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 04:15 AM]

    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 01:43 PM]

    "VTTimer"="VTTimer.exe" [01/15/2004 09:33 PM C:\WINDOWS\system32\VTTimer.exe]

    "UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 02:01 AM]

    "AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]

    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/30/2004 10:10 PM]

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]

    "KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]

    "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [03/06/2006 01:48 PM]

    "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [02/07/2006 01:10 AM]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]

    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/25/2004 07:07 PM]

    "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" []

    "Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [10/16/2001 11:10 AM]

    "C2K"="C:\WINDOWS\Cyb2k.exe" [08/03/2004 10:47 AM]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 03:06 AM]

    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [10/05/2007 07:09 PM]

    "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [02/24/2006 07:54 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]

    "BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [01/09/2004 02:34 AM]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/04/2007 07:23 PM]

    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [1/2/2005 4:50:01 PM]

    EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [8/22/2004 12:45:32 PM]

    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 1:19:24 PM]

    Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [4/1/2004 2:16:45 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

    @="Volume shadow copy"

    -- End of Deckard's System Scanner: finished at 2007-10-13 11:31:32 ------------

  7. Okay! Here it is

    Scanning Report

    Friday, October 12, 2007 18:53:43 - 21:07:24

    Computer name: SHADOW

    Scanning type: Scan system for viruses, rootkits, spyware

    Target: C:\ D:\

    --------------------------------------------------------------------------------

    Result: 68 malware found

    Malware.ADRA (virus)

    C:\HP\BIN\TRIALHTML\OFFICE 2003 EDITION 60 DAY TRIAL.EXE (Submitted)

    Tracking Cookie (spyware)

    System (Disinfected)

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    Vundo.dam (virus)

    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\QEYTGTMC.DLL (Submitted)

    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\TYKSNGLX.DLL (Submitted)

    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\VLAAGGVY.DLL (Submitted)

    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\VVEXJYSP.DLL (Submitted)

    Vundo.gen38 (virus)

    C:\WINDOWS\SYSTEM32\AOKLYWNB.INI (Submitted)

    C:\WINDOWS\SYSTEM32\DKTQLWMB.INI (Submitted)

    C:\WINDOWS\SYSTEM32\DVXBNWJX.INI (Submitted)

    C:\WINDOWS\SYSTEM32\DWVWGUKI.INI (Submitted)

    C:\WINDOWS\SYSTEM32\EUGOEIUB.INI (Submitted)

    C:\WINDOWS\SYSTEM32\EVNXUPBM.INI (Submitted)

    C:\WINDOWS\SYSTEM32\FGIRIWGE.INI (Submitted)

    C:\WINDOWS\SYSTEM32\JRKYSUUH.INI (Submitted)

    C:\WINDOWS\SYSTEM32\KNCAHCUV.INI (Submitted)

    C:\WINDOWS\SYSTEM32\ODEXOPRA.INI (Submitted)

    C:\WINDOWS\SYSTEM32\QBMYWCIV.INI (Submitted)

    C:\WINDOWS\SYSTEM32\RASIQALO.INI (Submitted)

    C:\WINDOWS\SYSTEM32\RYISDBET.INI (Submitted)

    C:\WINDOWS\SYSTEM32\SKMASOQM.INI (Submitted)

    C:\WINDOWS\SYSTEM32\SOEJVRLQ.INI (Submitted)

    C:\WINDOWS\SYSTEM32\THEQWNDY.INI (Submitted)

    C:\WINDOWS\SYSTEM32\TINAROEK.INI (Submitted)

    C:\WINDOWS\SYSTEM32\TLMGWICF.INI (Submitted)

    C:\WINDOWS\SYSTEM32\UBQWIPKS.INI (Submitted)

    C:\WINDOWS\SYSTEM32\VPWVONJJ.INI (Submitted)

    Vundo.gen39 (virus)

    C:\WINDOWS\SYSTEM32\AJHHKBJY.INI (Submitted)

    C:\WINDOWS\SYSTEM32\BHJPMRIE.INI (Submitted)

    C:\WINDOWS\SYSTEM32\EEEQIPDS.INI (Submitted)

    C:\WINDOWS\SYSTEM32\GHMXISUM.INI (Submitted)

    C:\WINDOWS\SYSTEM32\HNRWTSCL.INI (Submitted)

    C:\WINDOWS\SYSTEM32\ITOSLLCF.INI (Submitted)

    C:\WINDOWS\SYSTEM32\JPTPINSG.INI (Submitted)

    C:\WINDOWS\SYSTEM32\KAMOFHOA.INI (Submitted)

    C:\WINDOWS\SYSTEM32\LWOBJSST.INI (Submitted)

    C:\WINDOWS\SYSTEM32\MSDKIIUS.INI (Submitted)

    C:\WINDOWS\SYSTEM32\OKGJIBGB.INI (Submitted)

    C:\WINDOWS\SYSTEM32\PUCBSJTN.INI (Submitted)

    C:\WINDOWS\SYSTEM32\QIGRKETY.INI (Submitted)

    C:\WINDOWS\SYSTEM32\SOFLECPJ.INI (Submitted)

    C:\WINDOWS\SYSTEM32\SRTBVXEW.INI (Submitted)

    C:\WINDOWS\SYSTEM32\TUWRFDWI.INI (Submitted)

    C:\WINDOWS\SYSTEM32\TWUTSNIL.INI (Submitted)

    --------------------------------------------------------------------------------

    Statistics

    Scanned:

    Files: 66085

    System: 6551

    Not scanned: 12

    Actions:

    Disinfected: 1

    Renamed: 0

    Deleted: 0

    None: 67

    Submitted: 42

    Files not scanned:

    C:\HIBERFIL.SYS

    C:\PAGEFILE.SYS

    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

    C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX

    C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL

    C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL

    C:\WINDOWS\$NTUNINSTALLKB837001$\DAO360.DLL

    C:\RECYCLER\S-1-5-21-321053874-2636943631-3830183119-1003\DC11.LNK

    C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\COMPONENTS\VETSDK.DLL

    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\XAUPDATE.EXE

    C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\PLUG_INS\MULTIMEDIA\MPP\ATMOSPHEREMPP.MPP

    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DD491DC9AFBF2A7891310B584217359_A041A4AD-923E-4008-913D-823040B1FB43

    --------------------------------------------------------------------------------

    Options

    Scanning engines:

    F-Secure AVP: 7.0.171, 2007-10-12

    F-Secure Blacklight: 1.0.64

    F-Secure Draco: 1.0.35, 0598-150-72

    F-Secure Libra: 2.4.2, 2007-10-12

    F-Secure Orion: 1.2.37, 2007-10-12

    F-Secure Pegasus: 1.19.0, 2007-09-10

    Scanning options:

    Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

    Use Advanced heuristics

    --------------------------------------------------------------------------------


  8. Thank god! Okay, I installed the Dell thing correctly. Here's my HJT log, and I attached the ComboFix log.

    Logfile of HijackThis v1.99.1

    Scan saved at 6:09:21 PM, on 10/10/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\Comodo\Firewall\cmdagent.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\M-Audio Uno\UnoInst.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\lxcrcoms.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\windows\system\hpsysdrv.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

    C:\Program Files\Lexmark 2400 Series\ezprint.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\Cyb2k.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Comodo\Firewall\CPF.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: *.stumbleupon.com

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    log.txt

  9. I figured it out ;) Here's the Dr.Web log.

    KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted

    RealBar.dll;C:\Program Files\Real\Toolbar;Adware.MegaSearch.origin;Incurable.Deleted

    And here's the HJT log.

    Logfile of HijackThis v1.99.1

    Scan saved at 3:19:46 PM, on 10/9/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\Comodo\Firewall\cmdagent.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\M-Audio Uno\UnoInst.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\windows\system\hpsysdrv.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

    C:\Program Files\Lexmark 2400 Series\ezprint.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\Cyb2k.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\lxcrcoms.exe

    C:\Program Files\Comodo\Firewall\CPF.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

    C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: *.stumbleupon.com

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

  10. Sorry it took a while, Dr.Web took 13 hours to scan >.> Here's the SUPERAntiSpyware log. I'll post the HJT log and Dr.Web log next. Also, I just saw your edit with the deldomains and I think I installed it. Nothing else pops up when I click open after right-click install, correct? And I don't need to run Dr.Web again, do I? It took forever the first time...

    SUPERAntiSpyware Scan Log

    http://www.superantispyware.com

    Generated 10/08/2007 at 08:03 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3321

    Trace Rules Database Version: 1322

    Scan type : Complete Scan

    Total Scan Time : 01:31:43

    Memory items scanned : 530

    Memory threats detected : 0

    Registry items scanned : 6951

    Registry threats detected : 3

    File items scanned : 72520

    File threats detected : 169

    Adware.Tracking Cookie

    Trojan.ZenoSearch

    C:\WINDOWS\system32\msnav32.ax

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP236\A0243247.EXE

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP243\A0245474.EXE

    Adware.Think-Adz

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#DisplayName

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#UninstallString

    Trojan.WinAntiSpyware 2007

    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\WINANTISPYWARE2007SETUP.EXE

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP118\A0150348.EXE

    Adware.ClickSpring/Yazzle

    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR

    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP226\A0239176.EXE

    Trojan.Net-MSV/VPS-G

    C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP169\A0219791.DLL

    Trojan.Downloader-Gen

    C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

    Adware.Unknown Origin

    C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

    Trace.Known Threat Sources

    C:\Deckard\System Scanner\backup\DOCUME~1\Pete's\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\O1U74PY7\ping[1].htm

    C:\Deckard\System Scanner\backup\DOCUME~1\Pete's\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\O1U74PY7\anota[1].htm

    C:\Deckard\System Scanner\backup\DOCUME~1\Pete's\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GPM3816F\checkin[1].htm

  11. Here's the HJT log

    Logfile of HijackThis v1.99.1

    Scan saved at 3:08:17 PM, on 10/7/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\Comodo\Firewall\cmdagent.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\M-Audio Uno\UnoInst.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\windows\system\hpsysdrv.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

    C:\Program Files\Lexmark 2400 Series\ezprint.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\Cyb2k.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\WINDOWS\system32\lxcrcoms.exe

    C:\Program Files\Comodo\Firewall\CPF.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: *.stumbleupon.com

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

  12. Okay, I didn't find Limewire in the add/remove programs. My brother installed it a while back so I uninstalled it. Is there any other way to uninstall it?

    Also, after running combofix with the script like you told me, I couldn't connect to the internet after it was done, so I was stuck with having to do a system restore. Attached the combofix log. I'll post the HJT log after that. Oh and these were saved before I did the system restore.

    log.txt

  13. And here's the HJT log

    Logfile of HijackThis v1.99.1

    Scan saved at 11:35:58 AM, on 10/7/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\Comodo\Firewall\cmdagent.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\M-Audio Uno\UnoInst.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\windows\system\hpsysdrv.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

    C:\Program Files\Lexmark 2400 Series\ezprint.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\Cyb2k.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\lxcrcoms.exe

    C:\Program Files\Comodo\Firewall\CPF.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: *.stumbleupon.com

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

  14. K, did the BFU thing and here's the log from F-Secure

    Scanning Report

    Saturday, October 06, 2007 11:02:54 - 13:30:52

    Computer name: SHADOW

    Scanning type: Scan system for viruses, rootkits, spyware

    Target: C:\ D:\

    --------------------------------------------------------------------------------

    Result: 68 malware found

    Malware.ADRA (virus)

    C:\HP\BIN\TRIALHTML\OFFICE 2003 EDITION 60 DAY TRIAL.EXE (Submitted)

    Tracking Cookie (spyware)

    System (Disinfected)

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    System

    Vundo.dam (virus)

    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\QEYTGTMC.DLL (Submitted)

    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\TYKSNGLX.DLL (Submitted)

    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\VLAAGGVY.DLL (Submitted)

    C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\VVEXJYSP.DLL (Submitted)

    Vundo.gen38 (virus)

    C:\WINDOWS\SYSTEM32\AOKLYWNB.INI (Submitted)

    C:\WINDOWS\SYSTEM32\DKTQLWMB.INI (Submitted)

    C:\WINDOWS\SYSTEM32\DVXBNWJX.INI (Submitted)

    C:\WINDOWS\SYSTEM32\DWVWGUKI.INI (Submitted)

    C:\WINDOWS\SYSTEM32\EUGOEIUB.INI (Submitted)

    C:\WINDOWS\SYSTEM32\EVNXUPBM.INI (Submitted)

    C:\WINDOWS\SYSTEM32\FGIRIWGE.INI (Submitted)

    C:\WINDOWS\SYSTEM32\JRKYSUUH.INI (Submitted)

    C:\WINDOWS\SYSTEM32\KNCAHCUV.INI (Submitted)

    C:\WINDOWS\SYSTEM32\ODEXOPRA.INI (Submitted)

    C:\WINDOWS\SYSTEM32\QBMYWCIV.INI (Submitted)

    C:\WINDOWS\SYSTEM32\RASIQALO.INI (Submitted)

    C:\WINDOWS\SYSTEM32\RYISDBET.INI (Submitted)

    C:\WINDOWS\SYSTEM32\SKMASOQM.INI (Submitted)

    C:\WINDOWS\SYSTEM32\SOEJVRLQ.INI (Submitted)

    C:\WINDOWS\SYSTEM32\THEQWNDY.INI (Submitted)

    C:\WINDOWS\SYSTEM32\TINAROEK.INI (Submitted)

    C:\WINDOWS\SYSTEM32\TLMGWICF.INI (Submitted)

    C:\WINDOWS\SYSTEM32\UBQWIPKS.INI (Submitted)

    C:\WINDOWS\SYSTEM32\VPWVONJJ.INI (Submitted)

    Vundo.gen39 (virus)

    C:\WINDOWS\SYSTEM32\AJHHKBJY.INI (Submitted)

    C:\WINDOWS\SYSTEM32\BHJPMRIE.INI (Submitted)

    C:\WINDOWS\SYSTEM32\EEEQIPDS.INI (Submitted)

    C:\WINDOWS\SYSTEM32\GHMXISUM.INI (Submitted)

    C:\WINDOWS\SYSTEM32\HNRWTSCL.INI (Submitted)

    C:\WINDOWS\SYSTEM32\ITOSLLCF.INI (Submitted)

    C:\WINDOWS\SYSTEM32\JPTPINSG.INI (Submitted)

    C:\WINDOWS\SYSTEM32\KAMOFHOA.INI (Submitted)

    C:\WINDOWS\SYSTEM32\LWOBJSST.INI (Submitted)

    C:\WINDOWS\SYSTEM32\MSDKIIUS.INI (Submitted)

    C:\WINDOWS\SYSTEM32\OKGJIBGB.INI (Submitted)

    C:\WINDOWS\SYSTEM32\PUCBSJTN.INI (Submitted)

    C:\WINDOWS\SYSTEM32\QIGRKETY.INI (Submitted)

    C:\WINDOWS\SYSTEM32\SOFLECPJ.INI (Submitted)

    C:\WINDOWS\SYSTEM32\SRTBVXEW.INI (Submitted)

    C:\WINDOWS\SYSTEM32\TUWRFDWI.INI (Submitted)

    C:\WINDOWS\SYSTEM32\TWUTSNIL.INI (Submitted)

    --------------------------------------------------------------------------------

    Statistics

    Scanned:

    Files: 74815

    System: 6830

    Not scanned: 13

    Actions:

    Disinfected: 1

    Renamed: 0

    Deleted: 0

    None: 67

    Submitted: 42

    Files not scanned:

    C:\HIBERFIL.SYS

    C:\PAGEFILE.SYS

    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

    C:\WINDOWS\PREFETCH\LAYOUT.INI

    C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX

    C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL

    C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL

    C:\WINDOWS\$NTUNINSTALLKB837001$\DAO360.DLL

    C:\RECYCLER\S-1-5-21-321053874-2636943631-3830183119-1003\DC11.LNK

    C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\COMPONENTS\VETSDK.DLL

    C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\XAUPDATE.EXE

    C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\PLUG_INS\MULTIMEDIA\MPP\ATMOSPHEREMPP.MPP

    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DD491DC9AFBF2A7891310B584217359_A041A4AD-923E-4008-913D-823040B1FB43

    --------------------------------------------------------------------------------

    Options

    Scanning engines:

    F-Secure Libra: 2.4.2, 2007-10-05

    F-Secure AVP: 7.0.171, 2007-10-06

    F-Secure Orion: 1.2.37, 2007-10-06

    F-Secure Blacklight: 1.0.64

    F-Secure Draco: 1.0.35, 0598-150-72

    F-Secure Pegasus: 1.19.0, 2007-09-02

    Scanning options:

    Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

    Use Advanced heuristics

    --------------------------------------------------------------------------------


  15. Okay! Deleted Norton, installed Avast! and got Comodo running. I need to know if twinqmds.exe is safe or not because I can't find anything about it on Google.

    Anyways, here's my HJT log. I'll post the Avast! log next

    Logfile of HijackThis v1.99.1

    Scan saved at 7:20:01 PM, on 10/5/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\windows\system\hpsysdrv.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\Program Files\Comodo\Firewall\cmdagent.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\M-Audio Uno\UnoInst.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

    C:\Program Files\Lexmark 2400 Series\ezprint.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\Cyb2k.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\WINDOWS\system32\twinqmds.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Comodo\Firewall\CPF.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\WINDOWS\system32\lxcrcoms.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\internet explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O2 - BHO: (no name) - {B62F5B2F-FB3C-45BC-97BF-9EBE1A61AED4} - C:\WINDOWS\system32\awvtr.dll (file missing)

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinqmds.exe CHD003

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - Startup: PowerReg Scheduler V3.exe

    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinqmds.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Open in New &Window (PopOops) - C:\WINDOWS\Web\PopOops.htm

    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: *.stumbleupon.com

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

  16. Ooh... That's not good at all.

    Yep, we have the 2004 Norton stuff. I think it came with the computer and it hasn't been renewed in a few years. I'm not sure if the Norton firewall is active or not, but if it isn't then no. No other firewalls. Norton antivirus is used also.

    Edit: Oops, forgot the HJT log. Here it is:

    Logfile of HijackThis v1.99.1

    Scan saved at 8:09:44 PM, on 10/4/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    c:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\M-Audio Uno\UnoInst.exe

    C:\Program Files\Viewpoint\Common\ViewpointService.exe

    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\svchost.exe

    C:\windows\system\hpsysdrv.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\WINDOWS\system32\VTTimer.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

    C:\Program Files\Lexmark 2400 Series\ezprint.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    c:\windows\system32\dwdsrngt.exe

    C:\WINDOWS\system32\lxcrcoms.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\Cyb2k.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O2 - BHO: (no name) - {B62F5B2F-FB3C-45BC-97BF-9EBE1A61AED4} - C:\WINDOWS\system32\awvtr.dll (file missing)

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] c:\windows\system32\dwdsrngt.exe CHD003

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - Startup: PowerReg Scheduler V3.exe

    O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Open in New &Window (PopOops) - C:\WINDOWS\Web\PopOops.htm

    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: *.stumbleupon.com

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe