Tech Support Forum - View Single Post

rzantarra · 06-25-2007, 04:21 PM

I uninstalled Utorrent as per your instructions. As for the Avenger, I believe it was a part of a old fix and the directory on the c drive is empty. I ran a scan for avenger in my computer and all it came up with files associated to the various games that I have installed on my computer.

As for the hijackthis fix: there were only two of the 02's to fix and the other entries weren't on the hijackthis scan I ran prior to the fix. I corrected what I could.

"Robert Terry" - 2007-06-25 18:07:08 - ComboFix 07-06-26 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Robert Terry\Desktop\ComboFix-Do.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\atwsettl1.exe
C:\atwsettl2.exe
C:\atwsettl3.exe
C:\Avenger
C:\Documents and Settings\All Users\Application Data\yhypghyz.exe
C:\VundoFix Backups
C:\VundoFix Backups\awtsp.dll.bad
C:\VundoFix Backups\nqstv.bak1.bad
C:\VundoFix Backups\nqstv.bak2.bad
C:\VundoFix Backups\nqstv.ini.bad
C:\VundoFix Backups\nqstv.ini2.bad
C:\VundoFix Backups\nqstv.tmp.bad
C:\VundoFix Backups\pstwa.bak1.bad
C:\VundoFix Backups\pstwa.bak2.bad
C:\VundoFix Backups\pstwa.ini.bad
C:\VundoFix Backups\pstwa.ini2.bad
C:\VundoFix Backups\pstwa.tmp.bad
C:\VundoFix Backups\vtsqn.dll.bad
C:\WINDOWS\system32\atwsettl
C:\WINDOWS\system32\atwsettl\bg1.gif
C:\WINDOWS\system32\atwsettl\bgtop.gif
C:\WINDOWS\system32\atwsettl\bottom1.gif
C:\WINDOWS\system32\atwsettl\essentials.gif
C:\WINDOWS\system32\atwsettl\icon1.ico
C:\WINDOWS\system32\atwsettl\install1.gif
C:\WINDOWS\system32\atwsettl\left1.gif
C:\WINDOWS\system32\atwsettl\li.gif
C:\WINDOWS\system32\atwsettl\logo.gif
C:\WINDOWS\system32\atwsettl\main.htm
C:\WINDOWS\system32\atwsettl\mainframe.htm
C:\WINDOWS\system32\atwsettl\reinstall1.gif
C:\WINDOWS\system32\atwsettl\right1.gif
C:\WINDOWS\system32\atwsettl\s1.htm
C:\WINDOWS\system32\atwsettl\s2.htm
C:\WINDOWS\system32\atwsettl\s3.htm
C:\WINDOWS\system32\atwsettl\SMTop1.gif
C:\WINDOWS\system32\atwsettl\SMTop2.gif
C:\WINDOWS\system32\atwsettl\SMTop3.gif
C:\WINDOWS\system32\atwsettl\SMTop4.gif
C:\WINDOWS\system32\atwsettl\soft1_off.gif
C:\WINDOWS\system32\atwsettl\soft1_off_ext.gif
C:\WINDOWS\system32\atwsettl\soft1_on.gif
C:\WINDOWS\system32\atwsettl\soft1_on_ext.gif
C:\WINDOWS\system32\atwsettl\soft2_off.gif
C:\WINDOWS\system32\atwsettl\soft2_off_ext.gif
C:\WINDOWS\system32\atwsettl\soft2_on.gif
C:\WINDOWS\system32\atwsettl\soft2_on_ext.gif
C:\WINDOWS\system32\atwsettl\soft3_off.gif
C:\WINDOWS\system32\atwsettl\soft3_off_ext.gif
C:\WINDOWS\system32\atwsettl\soft3_on.gif
C:\WINDOWS\system32\atwsettl\soft3_on_ext.gif
C:\WINDOWS\system32\atwsettl\softbottom_off.gif
C:\WINDOWS\system32\atwsettl\softbottom_on.gif
C:\WINDOWS\system32\atwsettl\softleft_off.gif
C:\WINDOWS\system32\atwsettl\softleft_on.gif
C:\WINDOWS\system32\atwsettl\top1.gif
C:\WINDOWS\system32\atwsettl\top2.gif
C:\WINDOWS\system32\atwsettl\turnoff1.gif
C:\WINDOWS\system32\atwsettl\turnon1.gif
C:\WINDOWS\system32\kkvhryah.exe

((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))

2007-06-25 15:54 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-25 13:00 21,312 --a------ C:\WINDOWS\choice.exe
2007-06-25 12:59 <DIR> d-------- C:\ie-spyad
2007-06-25 12:57 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-24 23:45 <DIR> d-------- C:\Deckard
2007-06-24 15:26 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-06-21 23:06 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-21 23:06 <DIR> d-------- C:\NVIDIA
2007-06-20 19:31 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-20 19:31 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-20 19:31 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-06-19 16:53 83,968 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-06-19 16:53 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-06-19 16:53 <DIR> d-------- C:\Program Files\Realtek
2007-06-13 19:23 <DIR> d-------- C:\Program Files\Vstep
2007-05-27 09:57 <DIR> d-------- C:\DOCUME~1\ROBERT~1\APPLIC~1\Command & Conquer 3 Tiberium Wars

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 16:49:57 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-25 16:49:42 -------- d-----w C:\Program Files\GetRight
2007-06-25 16:49:40 -------- d-----w C:\Program Files\DAEMON Tools
2007-06-22 12:58:00 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\uTorrent
2007-06-20 23:31:48 -------- d-----w C:\Program Files\Symantec
2007-06-19 20:53:25 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 23:44:43 -------- d-----w C:\Program Files\Steam
2007-06-13 21:38:21 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-06-09 07:23:22 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\DivX
2007-05-28 01:24:45 -------- d-----w C:\Program Files\Winamp
2007-05-27 13:40:07 -------- d-----w C:\Program Files\Electronic Arts
2007-05-25 02:45:36 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\SecondLife
2007-05-21 21:32:33 -------- d-----w C:\Program Files\Common Files\LogiShrd
2007-05-20 19:38:45 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\Ahead
2007-05-20 19:30:46 -------- d-----w C:\Program Files\Nero
2007-05-20 19:30:46 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-20 19:28:51 -------- d-----w C:\Program Files\Ahead
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 02:01:02 -------- d-----w C:\Program Files\Webroot
2007-05-16 02:01:01 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\Webroot
2007-05-14 04:03:46 -------- d-----w C:\Program Files\AGEIA Technologies
2007-05-14 04:03:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-14 04:00:08 -------- d-----w C:\Program Files\Timeline Interactive
2007-05-10 22:25:32 -------- d-----w C:\Program Files\EA GAMES
2007-05-10 21:03:27 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-10 08:31:51 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\MusicIP
2007-05-07 15:22:58 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\IGN_DLM
2007-05-07 14:02:09 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\Logitech
2007-05-07 14:00:42 -------- d-----w C:\Program Files\Common Files\Logitech
2007-05-07 14:00:22 -------- d-----w C:\Program Files\Logitech
2007-05-06 02:19:00 -------- d-----w C:\Program Files\DivX
2007-05-02 18:04:23 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-02 18:04:19 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-05-02 18:04:14 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-05-02 18:04:14 116,472 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-05-02 18:04:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-05-02 18:04:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-05-02 18:02:06 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-05-02 18:02:06 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-05-02 18:02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-05-02 18:02:02 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-05-02 18:02:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-05-02 18:02:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-02 18:01:56 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-02 18:01:56 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-02 02:33:57 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-05-02 02:33:56 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-05-01 17:07:40 -------- d-----w C:\Program Files\Bethesda Softworks
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
2007-03-29 08:42:42 29,704 ----a-w C:\WINDOWS\system32\uxtuneup.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2006-12-08 18:45]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 03:09]
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 03:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-20 02:18]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnoopFreeUI]
SnoopFreeUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wltray.exe]
C:\WINDOWS\system32\wltray.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb

Contents of the 'Scheduled Tasks' folder
2007-06-22 21:16:15 C:\WINDOWS\tasks\1-Click Maintenance.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 18:08:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-25 18:08:59
C:\ComboFix-quarantined-files.txt ... 2007-06-25 18:08
C:\ComboFix2.txt ... 2007-06-25 16:03

--- E O F ---

Deckard's System Scanner v20070611.50
Run by Robert Terry on 2007-06-25 at 18:18:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Robert Terry.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:19:55 PM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert Terry\Desktop\dss.exe
C:\HIJACK~1\ROBERT~1.EXE
C:\WINDOWS\system32\spider.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/Windows%20Reboot/Webpage/chat.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A1770FD6-A7CB-44DA-AD2C-692D2A2B521B} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166399552390
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A257B4DE-E54D-4556-862E-EE2CF5BE60E6}: NameServer = 192.168.1.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

-- Files created between 2007-05-25 and 2007-06-25 -----------------------------

2007-06-25 13:00:11 21312 --a------ C:\WINDOWS\choice.exe
2007-06-25 12:59:54 0 d-------- C:\ie-spyad
2007-06-25 12:57:37 0 d-------- C:\Program Files\SpywareBlaster
2007-06-24 15:26:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-06-21 23

00 0 d-------- C:\NVIDIA
2007-06-20 19:34:47 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-06-20 19:31:12 0 d-------- C:\Program Files\Symantec AntiVirus
2007-06-19 16:53:31 0 d-------- C:\WINDOWS\OPTIONS
2007-06-19 16:53:31 0 d-------- C:\Program Files\Realtek
2007-06-13 19:23:26 0 d-------- C:\Program Files\Vstep
2007-05-27 09:57:16 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Command & Conquer 3 Tiberium Wars

-- Find3M Report ---------------------------------------------------------------

2007-06-25 12:49:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-25 12:49:42 0 d-------- C:\Program Files\GetRight
2007-06-25 12:49:40 0 d-------- C:\Program Files\DAEMON Tools
2007-06-22 08:58:00 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\uTorrent
2007-06-20 19:31:48 0 d-------- C:\Program Files\Symantec
2007-06-19 16:53:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-17 19:44:43 0 d-------- C:\Program Files\Steam
2007-06-13 17:38:21 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-06-09 03:23:22 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\DivX
2007-05-31 18:57:25 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Adobe
2007-05-31 18:55:29 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-27 21:24:45 0 d-------- C:\Program Files\Winamp
2007-05-27 09:40:07 0 d-------- C:\Program Files\Electronic Arts
2007-05-24 22:45:52 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Mozilla
2007-05-24 22:45:36 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\SecondLife
2007-05-21 17:32:33 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-05-20 15:38:45 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Ahead
2007-05-20 15:30:46 0 d-------- C:\Program Files\Nero
2007-05-20 15:30:46 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-20 15:28:51 0 d-------- C:\Program Files\Ahead
2007-05-15 22:01:02 0 d-------- C:\Program Files\Webroot
2007-05-15 22:01:01 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Webroot
2007-05-14 00:03:46 0 d-------- C:\Program Files\AGEIA Technologies
2007-05-14 00:03:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-14 00:00:08 0 d-------- C:\Program Files\Timeline Interactive
2007-05-10 18:25:32 0 d-------- C:\Program Files\EA GAMES
2007-05-10 04:31:51 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\MusicIP
2007-05-07 11:22:58 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\IGN_DLM
2007-05-07 10:02:09 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Logitech
2007-05-07 10:00:42 0 d-------- C:\Program Files\Common Files\Logitech
2007-05-07 10:00:22 0 d-------- C:\Program Files\Logitech
2007-05-05 22:19:00 0 d-------- C:\Program Files\DivX
2007-05-02 14:04:19 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-05-02 14:02:06 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-05-02 14:02:06 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-05-02 14:01:56 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-02 14:01:56 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-02 14:01:56 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-02 14:01:56 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-01 22:33:57 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-05-01 13:07:40 0 d-------- C:\Program Files\Bethesda Softworks

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} C:\Program Files\GetRight\xx2gr.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LVCOMSX"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\LVComSX.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADeck"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1 "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrMfcWnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="brctrcen"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnoopFreeUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SnoopFreeUI"
"hkey"="HKLM"
"command"="SnoopFreeUI.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wltray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wltray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\wltray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

-- End of Deckard's System Scanner: finished at 2007-06-25 at 18:20:15 ---------

06-25-2007, 04:21 PM	#5 (permalink)
rzantarra Registered User Join Date: Mar 2007 Posts: 28 OS: XP	Re: Vundo virus and other popups I uninstalled Utorrent as per your instructions. As for the Avenger, I believe it was a part of a old fix and the directory on the c drive is empty. I ran a scan for avenger in my computer and all it came up with files associated to the various games that I have installed on my computer. As for the hijackthis fix: there were only two of the 02's to fix and the other entries weren't on the hijackthis scan I ran prior to the fix. I corrected what I could. "Robert Terry" - 2007-06-25 18:07:08 - ComboFix 07-06-26 - Service Pack 2 NTFS Command switches used :: C:\Documents and Settings\Robert Terry\Desktop\ComboFix-Do.txt ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\atwsettl1.exe C:\atwsettl2.exe C:\atwsettl3.exe C:\Avenger C:\Documents and Settings\All Users\Application Data\yhypghyz.exe C:\VundoFix Backups C:\VundoFix Backups\awtsp.dll.bad C:\VundoFix Backups\nqstv.bak1.bad C:\VundoFix Backups\nqstv.bak2.bad C:\VundoFix Backups\nqstv.ini.bad C:\VundoFix Backups\nqstv.ini2.bad C:\VundoFix Backups\nqstv.tmp.bad C:\VundoFix Backups\pstwa.bak1.bad C:\VundoFix Backups\pstwa.bak2.bad C:\VundoFix Backups\pstwa.ini.bad C:\VundoFix Backups\pstwa.ini2.bad C:\VundoFix Backups\pstwa.tmp.bad C:\VundoFix Backups\vtsqn.dll.bad C:\WINDOWS\system32\atwsettl C:\WINDOWS\system32\atwsettl\bg1.gif C:\WINDOWS\system32\atwsettl\bgtop.gif C:\WINDOWS\system32\atwsettl\bottom1.gif C:\WINDOWS\system32\atwsettl\essentials.gif C:\WINDOWS\system32\atwsettl\icon1.ico C:\WINDOWS\system32\atwsettl\install1.gif C:\WINDOWS\system32\atwsettl\left1.gif C:\WINDOWS\system32\atwsettl\li.gif C:\WINDOWS\system32\atwsettl\logo.gif C:\WINDOWS\system32\atwsettl\main.htm C:\WINDOWS\system32\atwsettl\mainframe.htm C:\WINDOWS\system32\atwsettl\reinstall1.gif C:\WINDOWS\system32\atwsettl\right1.gif C:\WINDOWS\system32\atwsettl\s1.htm C:\WINDOWS\system32\atwsettl\s2.htm C:\WINDOWS\system32\atwsettl\s3.htm C:\WINDOWS\system32\atwsettl\SMTop1.gif C:\WINDOWS\system32\atwsettl\SMTop2.gif C:\WINDOWS\system32\atwsettl\SMTop3.gif C:\WINDOWS\system32\atwsettl\SMTop4.gif C:\WINDOWS\system32\atwsettl\soft1_off.gif C:\WINDOWS\system32\atwsettl\soft1_off_ext.gif C:\WINDOWS\system32\atwsettl\soft1_on.gif C:\WINDOWS\system32\atwsettl\soft1_on_ext.gif C:\WINDOWS\system32\atwsettl\soft2_off.gif C:\WINDOWS\system32\atwsettl\soft2_off_ext.gif C:\WINDOWS\system32\atwsettl\soft2_on.gif C:\WINDOWS\system32\atwsettl\soft2_on_ext.gif C:\WINDOWS\system32\atwsettl\soft3_off.gif C:\WINDOWS\system32\atwsettl\soft3_off_ext.gif C:\WINDOWS\system32\atwsettl\soft3_on.gif C:\WINDOWS\system32\atwsettl\soft3_on_ext.gif C:\WINDOWS\system32\atwsettl\softbottom_off.gif C:\WINDOWS\system32\atwsettl\softbottom_on.gif C:\WINDOWS\system32\atwsettl\softleft_off.gif C:\WINDOWS\system32\atwsettl\softleft_on.gif C:\WINDOWS\system32\atwsettl\top1.gif C:\WINDOWS\system32\atwsettl\top2.gif C:\WINDOWS\system32\atwsettl\turnoff1.gif C:\WINDOWS\system32\atwsettl\turnon1.gif C:\WINDOWS\system32\kkvhryah.exe ((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 ))))))))))))))))))))))))))))))) 2007-06-25 15:54 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-25 13:00 21,312 --a------ C:\WINDOWS\choice.exe 2007-06-25 12:59 <DIR> d-------- C:\ie-spyad 2007-06-25 12:57 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-06-24 23:45 <DIR> d-------- C:\Deckard 2007-06-24 15:26 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot 2007-06-21 23:06 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-06-21 23:06 <DIR> d-------- C:\NVIDIA 2007-06-20 19:31 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-06-20 19:31 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-06-20 19:31 <DIR> d-------- C:\Program Files\Symantec AntiVirus 2007-06-19 16:53 83,968 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys 2007-06-19 16:53 <DIR> d-------- C:\WINDOWS\OPTIONS 2007-06-19 16:53 <DIR> d-------- C:\Program Files\Realtek 2007-06-13 19:23 <DIR> d-------- C:\Program Files\Vstep 2007-05-27 09:57 <DIR> d-------- C:\DOCUME~1\ROBERT~1\APPLIC~1\Command & Conquer 3 Tiberium Wars (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-25 16:49:57 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-25 16:49:42 -------- d-----w C:\Program Files\GetRight 2007-06-25 16:49:40 -------- d-----w C:\Program Files\DAEMON Tools 2007-06-22 12:58:00 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\uTorrent 2007-06-20 23:31:48 -------- d-----w C:\Program Files\Symantec 2007-06-19 20:53:25 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-17 23:44:43 -------- d-----w C:\Program Files\Steam 2007-06-13 21:38:21 -------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-06-09 07:23:22 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\DivX 2007-05-28 01:24:45 -------- d-----w C:\Program Files\Winamp 2007-05-27 13:40:07 -------- d-----w C:\Program Files\Electronic Arts 2007-05-25 02:45:36 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\SecondLife 2007-05-21 21:32:33 -------- d-----w C:\Program Files\Common Files\LogiShrd 2007-05-20 19:38:45 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\Ahead 2007-05-20 19:30:46 -------- d-----w C:\Program Files\Nero 2007-05-20 19:30:46 -------- d-----w C:\Program Files\Common Files\Ahead 2007-05-20 19:28:51 -------- d-----w C:\Program Files\Ahead 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-16 02:01:02 -------- d-----w C:\Program Files\Webroot 2007-05-16 02:01:01 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\Webroot 2007-05-14 04:03:46 -------- d-----w C:\Program Files\AGEIA Technologies 2007-05-14 04:03:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-14 04:00:08 -------- d-----w C:\Program Files\Timeline Interactive 2007-05-10 22:25:32 -------- d-----w C:\Program Files\EA GAMES 2007-05-10 21:03:27 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-05-10 08:31:51 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\MusicIP 2007-05-07 15:22:58 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\IGN_DLM 2007-05-07 14:02:09 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\Logitech 2007-05-07 14:00:42 -------- d-----w C:\Program Files\Common Files\Logitech 2007-05-07 14:00:22 -------- d-----w C:\Program Files\Logitech 2007-05-06 02:19:00 -------- d-----w C:\Program Files\DivX 2007-05-02 18:04:23 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-05-02 18:04:19 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-05-02 18:04:14 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-05-02 18:04:14 116,472 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-05-02 18:04:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-05-02 18:04:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-05-02 18:02:06 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-05-02 18:02:06 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-05-02 18:02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-05-02 18:02:02 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-05-02 18:02:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-05-02 18:02:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-05-02 18:01:56 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-05-02 18:01:56 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-05-02 02:33:57 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-05-02 02:33:56 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-05-01 17:07:40 -------- d-----w C:\Program Files\Bethesda Softworks 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-04 22:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll 2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll 2007-03-29 08:42:42 29,704 ----a-w C:\WINDOWS\system32\uxtuneup.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2006-12-08 18:45] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 03:09] "LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 03:12] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-20 02:18] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnoopFreeUI] SnoopFreeUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wltray.exe] C:\WINDOWS\system32\wltray.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs UxTuneUp HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb Contents of the 'Scheduled Tasks' folder 2007-06-22 21:16:15 C:\WINDOWS\tasks\1-Click Maintenance.job ************************************************************************ catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-25 18:08:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-06-25 18:08:59 C:\ComboFix-quarantined-files.txt ... 2007-06-25 18:08 C:\ComboFix2.txt ... 2007-06-25 16:03 --- E O F --- Deckard's System Scanner v20070611.50 Run by Robert Terry on 2007-06-25 at 18:18:54 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Robert Terry.exe) ---------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 6:19:55 PM, on 6/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Robert Terry\Desktop\dss.exe C:\HIJACK~1\ROBERT~1.EXE C:\WINDOWS\system32\spider.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/Windows%20Reboot/Webpage/chat.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {A1770FD6-A7CB-44DA-AD2C-692D2A2B521B} - (no file) O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166399552390 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A257B4DE-E54D-4556-862E-EE2CF5BE60E6}: NameServer = 192.168.1.1 O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing) -- Files created between 2007-05-25 and 2007-06-25 ----------------------------- 2007-06-25 13:00:11 21312 --a------ C:\WINDOWS\choice.exe 2007-06-25 12:59:54 0 d-------- C:\ie-spyad 2007-06-25 12:57:37 0 d-------- C:\Program Files\SpywareBlaster 2007-06-24 15:26:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot 2007-06-21 2300 0 d-------- C:\NVIDIA 2007-06-20 19:34:47 0 dr------- C:\Documents and Settings\LocalService\Favorites 2007-06-20 19:31:12 0 d-------- C:\Program Files\Symantec AntiVirus 2007-06-19 16:53:31 0 d-------- C:\WINDOWS\OPTIONS 2007-06-19 16:53:31 0 d-------- C:\Program Files\Realtek 2007-06-13 19:23:26 0 d-------- C:\Program Files\Vstep 2007-05-27 09:57:16 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Command & Conquer 3 Tiberium Wars -- Find3M Report --------------------------------------------------------------- 2007-06-25 12:49:57 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-06-25 12:49:42 0 d-------- C:\Program Files\GetRight 2007-06-25 12:49:40 0 d-------- C:\Program Files\DAEMON Tools 2007-06-22 08:58:00 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\uTorrent 2007-06-20 19:31:48 0 d-------- C:\Program Files\Symantec 2007-06-19 16:53:25 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-06-17 19:44:43 0 d-------- C:\Program Files\Steam 2007-06-13 17:38:21 0 d-------- C:\Program Files\TuneUp Utilities 2007 2007-06-09 03:23:22 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\DivX 2007-05-31 18:57:25 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Adobe 2007-05-31 18:55:29 0 d-------- C:\Program Files\Common Files\Adobe 2007-05-27 21:24:45 0 d-------- C:\Program Files\Winamp 2007-05-27 09:40:07 0 d-------- C:\Program Files\Electronic Arts 2007-05-24 22:45:52 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Mozilla 2007-05-24 22:45:36 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\SecondLife 2007-05-21 17:32:33 0 d-------- C:\Program Files\Common Files\LogiShrd 2007-05-20 15:38:45 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Ahead 2007-05-20 15:30:46 0 d-------- C:\Program Files\Nero 2007-05-20 15:30:46 0 d-------- C:\Program Files\Common Files\Ahead 2007-05-20 15:28:51 0 d-------- C:\Program Files\Ahead 2007-05-15 22:01:02 0 d-------- C:\Program Files\Webroot 2007-05-15 22:01:01 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Webroot 2007-05-14 00:03:46 0 d-------- C:\Program Files\AGEIA Technologies 2007-05-14 00:03:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-14 00:00:08 0 d-------- C:\Program Files\Timeline Interactive 2007-05-10 18:25:32 0 d-------- C:\Program Files\EA GAMES 2007-05-10 04:31:51 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\MusicIP 2007-05-07 11:22:58 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\IGN_DLM 2007-05-07 10:02:09 0 d-------- C:\Documents and Settings\Robert Terry\Application Data\Logitech 2007-05-07 10:00:42 0 d-------- C:\Program Files\Common Files\Logitech 2007-05-07 10:00:22 0 d-------- C:\Program Files\Logitech 2007-05-05 22:19:00 0 d-------- C:\Program Files\DivX 2007-05-02 14:04:19 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-05-02 14:02:06 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2007-05-02 14:02:06 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2007-05-02 14:01:56 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2007-05-02 14:01:56 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2007-05-02 14:01:56 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2007-05-02 14:01:56 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2007-05-01 22:33:57 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-05-01 13:07:40 0 d-------- C:\Program Files\Bethesda Softworks -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8} C:\Program Files\GetRight\xx2gr.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" "LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\"" "LVCOMSX"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\LVComSX.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ADeck" "hkey"="HKLM" "command"="C:\\Program Files\\VIAudioi\\SBADeck\\ADeck.exe 1 " "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ashDisp" "hkey"="HKLM" "command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BrMfcWnd" "hkey"="HKLM" "command"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="brctrcen" "hkey"="HKLM" "command"="C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IndexSearch" "hkey"="HKLM" "command"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="pptd40nt" "hkey"="HKLM" "command"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnoopFreeUI] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SnoopFreeUI" "hkey"="HKLM" "command"="SnoopFreeUI.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SSBkgdupdate" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CLIStart" "hkey"="HKCU" "command"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wltray.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="wltray" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\wltray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost netsvcs UxTuneUp -- End of Deckard's System Scanner: finished at 2007-06-25 at 18:20:15 ---------