Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
www.virushelpzone.com?!? www.virushelpzone.com?!?
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 02-27-2007, 11:00 PM   #1 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: WinXP


www.virushelpzone.com?!?
Hello guys, I have looked this trojan up and read about how to fix it on many pages, I just don't imagine I will have the same logs as everyone else; nor do I understand them. I was wondering if someone who knows how to get rid of this would help me out? Thank you much!
jarettcahoj is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 02-28-2007, 06:26 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 19,079
OS: WinXP and Vista


Hello jarettcahoj and welcome to TSF,

We need something to work with.

Download ComboScan to your Desktop.Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - ComboScan.txt <- this one will be maximized and Supplementary.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScanSupplementary.txt
  3. Click Upload.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 02-28-2007, 01:28 PM   #3 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: WinXP


my ComboScan.txt
ComboScan v20070226.18 run by Jarett Cahoj on 2007-02-28 at 14:09:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis Clone -------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-02-28 14:13:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netwaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Documents and Settings\Jarett Cahoj\Local Settings\Temporary Internet Files\Content.IE5\0TUV4TEN\comboscan[1].exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virushelpzone.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en&...us&ibd=5061206
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061206
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F0 - win.ini: load=C:\WINDOWS\system32\aibewan\winlogon.exe
F0 - win.ini: run=C:\WINDOWS\system32\aibewan\winlogon.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
F3 - REG:win.ini: Run=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: nternals.com
O1 - Hosts: nternals.com
O1 - Hosts: nternals.com
O1 - Hosts: nternals.com
O1 - Hosts: nternals.com
O1 - Hosts: nternals.com
O1 - Hosts: nternals.com
O1 - Hosts: nternals.com
O1 - Hosts: nternals.com
O1 - Hosts: nternals.com
O1 - Hosts: # 15514 more entries remain in hosts file.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: winlogon.lnk =
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll
O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Application Layer Gateway Service (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Computer Browser (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O23 - Service: Symantec Password Validation (ccPwdSvc) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
O23 - Service: Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O23 - Service: Indexing Service (CiSvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: COM+ System Application (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: DHCP Client (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: dlcf_device - C:\WINDOWS\system32\dlcfcoms.exe -service
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: DNS Client (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Media Center Receiver Service (ehRecvr) - C:\WINDOWS\ehome\ehrecvr.exe
O23 - Service: Media Center Scheduler Service (ehSched) - C:\WINDOWS\ehome\ehSched.exe
O23 - Service: Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Event Log (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Fax - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: GEARSecurity - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Human Interface Device Access (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: Server (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Workstation (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Media Center Extender Service (McrdSvc) - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: Messenger - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Network Location Awareness (NLA) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Norton Ghost - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Remote Access Connection Manager (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Remote Registry (RemoteRegistry) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979}
O23 - Service: Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Telnet (TlntSvr) - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Uninterruptible Power Supply (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: Viewpoint Manager Service - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
O23 - Service: Volume Shadow Copy (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Windows Time (w32time) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
O23 - Service: Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - C:\WINDOWS\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WMI Performance Adapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Network Provisioning Service (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
1R APPDRV - C:\WINDOWS\system32\drivers\APPDRV.SYS
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Resident Driver XP) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
3R BCM43XX (Dell Wireless WLAN Card Driver) - C:\WINDOWS\system32\drivers\BCMWL5.SYS
3R bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
0R drvmcdb - C:\WINDOWS\system32\drivers\drvmcdb.sys
2R drvnddm - C:\WINDOWS\system32\drivers\drvnddm.sys
3S E100B (Intel(R) PRO Adapter Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
1R GearAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R HSFHWAZL - C:\WINDOWS\system32\drivers\HSFHWAZL.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S MHNDRV (MHN driver) - C:\WINDOWS\system32\drivers\mhndrv.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3S nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
1R omci (OMCI WDM Device Driver) - C:\WINDOWS\system32\drivers\omci.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R rimmptsk - C:\WINDOWS\system32\drivers\rimmptsk.sys
3R rimsptsk - C:\WINDOWS\system32\drivers\rimsptsk.sys
3R rismxdp (Ricoh xD-Picture Card Driver) - C:\WINDOWS\system32\drivers\rixdptsk.sys
1R SCDEmu - C:\WINDOWS\system32\drivers\scdemu.sys
3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
1R sscdbhk5 - C:\WINDOWS\system32\drivers\sscdbhk5.sys
0R SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - C:\WINDOWS\system32\drivers\SSFS0509.sys
0R SSHRMD (Spy Sweeper Hookrack MiniDriver) - C:\WINDOWS\system32\drivers\sshrmd.sys
0R SSIDRV (Spy Sweeper Interdiction Driver) - C:\WINDOWS\system32\drivers\ssidrv.sys
3R SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - C:\WINDOWS\system32\drivers\sskbfd.sys
1R ssrtln - C:\WINDOWS\system32\drivers\ssrtln.sys
3R STHDA (SigmaTel High Definition Audio CODEC) - C:\WINDOWS\system32\drivers\sthda.sys
2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
0R SymSnap - C:\WINDOWS\system32\drivers\SymSnap.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
2R tfsnboio - C:\WINDOWS\system32\dla\tfsnboio.sys
2R tfsncofs - C:\WINDOWS\system32\dla\tfsncofs.sys
2R tfsndrct - C:\WINDOWS\system32\dla\tfsndrct.sys
2R tfsndres - C:\WINDOWS\system32\dla\tfsndres.sys
2R tfsnifs - C:\WINDOWS\system32\dla\tfsnifs.sys
2R tfsnopio - C:\WINDOWS\system32\dla\tfsnopio.sys
2R tfsnpool - C:\WINDOWS\system32\dla\tfsnpool.sys
2R tfsnudf - C:\WINDOWS\system32\dla\tfsnudf.sys
2R tfsnudfa - C:\WINDOWS\system32\dla\tfsnudfa.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
1R V2IMount - C:\WINDOWS\system32\drivers\V2iMount.sys
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys (not found)
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
2R AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3R dlcf_device - C:\WINDOWS\system32\dlcfcoms.exe -service
2R ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2R ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
2S Fax - C:\WINDOWS\system32\fxssvc.exe
2R GEARSecurity - C:\WINDOWS\System32\GEARSec.exe
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
3S MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S Norton Ghost - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
3S Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
3S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
2R Viewpoint Manager Service - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
2R WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
2R wltrysvc (Dell Wireless WLAN Tray Service) - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe


-- Files created between 2007-01-28 and 2007-02-28 ------------------------------

2007-02-27 23:00:17 0 d-------- C:\Program Files\PowerISO
2007-02-27 19:42:34 0 d-------- C:\Documents and Settings\Jarett Cahoj\Application Data\AVG7
2007-02-27 19:42:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-02-27 19:42:19 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-27 19:42:18 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-02-27 19:42:18 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-27 19:42:17 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-27 19:42:17 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-27 19:42:15 775680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-27 19:42:10 0 d-------- C:\Program Files\Grisoft
2007-02-27 19:42:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-02-27 19:42:10 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-02-26 07:05:51 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-02-26 07:05:47 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-26 07:05:47 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-26 07:05:47 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-26 07:05:47 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-26 07:05:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-02-26 07:05:36 0 d-------- C:\Program Files\Webroot
2007-02-26 07:04:21 0 d-------- C:\Documents and Settings\Jarett Cahoj\Application Data\Webroot
2007-02-24 03:54:11 2 ---hs---- C:\WINDOWS\system32\taskkill.com
2007-02-24 03:54:11 2 ---hs---- C:\WINDOWS\system32\netstat.com
2007-02-23 03:16:43 0 d--h----- C:\Documents and Settings\Jarett Cahoj\Application Data\Move Networks<MOVENE~1>
2007-02-15 17:46:28 0 d-------- C:\Documents and Settings\Jarett Cahoj\Application Data\acccore
2007-02-15 17:44:36 0 d-------- C:\Program Files\AIM6
2007-01-31 23:32:09 2560 --a------ C:\WINDOWS\system32\unsvchosts.exe<UNSVCH~1.EXE>
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-28 09:38:33 0 d-------- C:\Documents and Settings\Jarett Cahoj\Application Data\BitTorrent<BITTOR~1>
2007-02-27 19:42:01 0 d---s---- C:\Documents and Settings\Jarett Cahoj\Application Data\Microsoft<MICROS~1>
2007-02-26 19:23:38 0 d-------- C:\Program Files\McAfee
2007-02-20 05:26:38 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-02-17 12:24:00 0 d-------- C:\Program Files\Common Files\AOL
2007-02-14 19:03:50 0 d-------- C:\Program Files\LimeWire
2007-02-07 15:21:56 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-06 19:23:14 0 d-------- C:\Program Files\Turbo Torrent<TURBOT~1>
2007-01-22 15:59:33 0 d-------- C:\Documents and Settings\Jarett Cahoj\Application Data\Viewpoint<VIEWPO~1>
2007-01-22 03:06:36 0 d-------- C:\Documents and Settings\Jarett Cahoj\Application Data\FastStone<FASTST~1>
2007-01-22 01:37:58 0 d-------- C:\Program Files\ConsoleClassix.com<CONSOL~1.COM>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-16 11:30:20 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2007-01-14 08:56:08 0 --a------ C:\utc.exe
2007-01-14 03:02:51 4704 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-01-14 03:02:51 56 -r-hs---- C:\WINDOWS\system32\9DE45066C4.sys<9DE450~1.SYS>
2007-01-14 03:02:41 0 d-------- C:\Documents and Settings\Jarett Cahoj\Application Data\Corel
2007-01-10 20:15:32 123503 --a------ C:\tysb.exe
2007-01-06 19:32:37 0 d-------- C:\Program Files\Docking Station<DOCKIN~1>
2007-01-04 15:45:46 0 d-------- C:\Documents and Settings\Jarett Cahoj\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2006-12-30 15:50:49 0 d-------- C:\Documents and Settings\Jarett Cahoj\Application Data\CyberLink<CYBERL~1>
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-14 12:58:49 146759 --a------ C:\WINDOWS\system32\1166101128.exe<116610~1.EXE>
2006-12-14 03:03:58 88 -r-hs---- C:\WINDOWS\system32\C46650E49D.sys<C46650~1.SYS>
2006-12-11 01:55:44 200 --a----c- C:\Documents and Settings\Jarett Cahoj\Application Data\G-Force Prefs (WindowsMediaPlayer).txt<G-FORC~1.TXT>
2006-12-06 22:14:51 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-06 22:02:03 61678 --a------ C:\Documents and Settings\Jarett Cahoj\Application Data\PFP120JPR.{PB<PFP120~2.{PB>
2006-12-06 22:02:03 12358 --a------ C:\Documents and Settings\Jarett Cahoj\Application Data\PFP120JCM.{PB<PFP120~1.{PB>
2006-12-06 12:14:40 335 --a------ C:\WINDOWS\nsreg.dat
2006-12-05 18:47:32 49152 --a------ C:\WINDOWS\setpwrcg.exe


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ModemOnHold"="\"C:\\Program Files\\NetWaiting\\netWaiting.exe\""
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"winlogon"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"Dell QuickSet"="\"C:\\Program Files\\Dell\\QuickSet\\quickset.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe\" /STARTUP"
"PWRISOVM.EXE"="\"C:\\Program Files\\PowerISO\\PWRISOVM.EXE\""
"winlogon"=""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"="1"
"NoAdminPage"="1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SCDEMU


-- End of ComboScan: finished at 2007-02-28 at 14:13:48 -------------------------
Last edited by jarettcahoj : 02-28-2007 at 01:38 PM.
jarettcahoj is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 02-28-2007, 01:29 PM   #4 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: WinXP


my Supplementary.txt
ComboScan v20070226.18 run by Jarett Cahoj on 2007-02-28 at 14:09:44
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2050 @ 1.60GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 502.37 MiB / 217.25 MiB
Pagefile Memory (total/avail): 1227.3 MiB / 867.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1987.26 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 6.08 GiB free.
D: is Fixed (NTFS) - 12.55 GiB total, 12.48 GiB free.
E: is CDROM (Unformatted)
F: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.446 v7.5.446 (GRISOFT)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jarett Cahoj\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JARETT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jarett Cahoj
LOGONSERVER=\\JARETT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JARETT~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JARETT~1\LOCALS~1\Temp
USERDOMAIN=JARETT
USERNAME=Jarett Cahoj
USERPROFILE=C:\Documents and Settings\Jarett Cahoj
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Jarett Cahoj (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
725plc32 --> MsiExec.exe /I{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitTorrent 5.0.4 --> "C:\Program Files\BitTorrent\uninstall.exe"
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Car Thief 6 Demo --> "C:\Program Files\Car Thief 6 Demo\Uninstall.exe" "C:\Program Files\Car Thief 6 Demo\install.log"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Console Classix 3.8 --> "C:\Program Files\ConsoleClassix.com\unins000.exe"
Dell Color Printer 725 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcfUNST.EXE -NOLICENSE
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Jarett Cahoj\Application Data\Move Networks\ie_bin\unins000.exe"
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton Ghost 10.0 --> MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 -->
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll


-- End of ComboScan: finished at 2007-02-28 at 14:13:48 -------------------------
Last edited by jarettcahoj : 02-28-2007 at 01:38 PM.
jarettcahoj is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 02-28-2007, 09:21 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 19,079
OS: WinXP and Vista


This will take more than 1 round to erradicate, so please stay with me.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Would you please upload a folder for analysis?

Navigate to the following folder:

C:\WINDOWS\system32\aibewan

Right click and select 'Send To'> Compressed (zipped) folder.

Once you've zipped it, please visit TheSpyKillers forum HERE

Read the first topic for instructions on uploading files then start a new Topic, title the thread Files for AndyManchesta, post a link to this thread and upload the zipped folder.

***************************************************

The copy of HijackThis.exe has not downloaded properly so it will not be able to fix any entries. Please download a fresh copy from here and save it to your desktop.

***************************************************

Disable SpySweeper as it may interfere with the fixes below:

Right click the icon in the Task Bar and select ‘Exit’

--------------------------------------------------------------------

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix)

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virushelpzone.com/
F0 - win.ini: load=C:\WINDOWS\system32\aibewan\winlogon.exe
F0 - win.ini: run=C:\WINDOWS\system32\aibewan\winlogon.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
F3 - REG:win.ini: Run=C:\WINDOWS\system32\userinit.exe,

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File and Folder

C:\WINDOWS\system32\ unsvchosts.exe
C:\WINDOWS\system32\ aibewan

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt I'll need that in your next reply.
--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with ComboScan.exe.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
Panda results
ComboScan.txt
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 03-02-2007, 02:27 AM   #6 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: WinXP


SDFix report.txt
SDFix: Version 1.69

Run by Jarett Cahoj - Fri 03/02/2007 @ 4:15:19.20

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\Jarett Cahoj\Desktop\sdfix\SDFix

Safe Mode:
Checking Services:

Path:



Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\Documents and Settings\Jarett Cahoj\Start Menu\Programs\Startup\winlogon.lnk - Deleted
C:\WINDOWS\system32\netstat.com - Deleted
C:\WINDOWS\system32\taskkill.com - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\JARETT~1\Desktop\sdfix\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Jarett Cahoj\Desktop\New Folder (2)\Teenagers.From.Uranus.2006.STV.DVDRiP.XViD-D0PE.[www.torrentfive.com]\Thumbs.db
C:\Documents and Settings\Jarett Cahoj\Desktop\New Folder (2)\Teenagers.From.Uranus.2006.STV.DVDRiP.XViD-D0PE.[www.torrentfive.com]\Sample\Thumbs.db
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp

Add/Remove Programs List:

GemMaster Mystic
OTOY
Adobe Shockwave Player
AIM 6.0
AVG 7.5
Otto
BitTorrent 5.0.4
Dell Wireless WLAN Card
Car Thief 6 Demo
Conexant HDA D110 MDC V.92 Modem
Console Classix 3.8
Dell Color Printer 725
Dell Digital Jukebox Driver
DivX Content Uploader
ESPNMotion
HijackThis 1.99.1
High Definition Audio Driver Package - KB835221
Update Rollup 2 for Windows XP Media Center Edition 2005
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB912067
LimeWire 4.12.6
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Move Networks Player for Internet Explorer
PowerISO
RealPlayer Basic
Adobe Flash Player 9 ActiveX
Learn2 Player (Uninstall Only)
Synaptics Pointing Device Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WildTangent Web Driver
WinRAR archiver
Yahoo! Internet Mail
Sonic RecordNow Data
Microsoft Plus! Photo Story 2 LE
Sonic DLA
725plc32
AutoUpdate
Broadcom Management Programs
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 8
Norton Ghost 10.0
Google Earth
URL Assistant
NetWaiting
iTunes
ELIcon
QuickTime
Dell Support 3.1
Windows Live Messenger
AOLIcon
PowerDVD 5.7
Digital Content Portal
Microsoft Plus! Digital Media Edition Installer
Java 2 Runtime Environment, SE v1.4.2_03
EarthLink setup files
DivX Codec
Modem Helper
Musicmatchr Jukebox
Intel(R) Graphics Media Accelerator Driver
DivX Player
Sonic Encoders
EducateU
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
WordPerfect Office 12
Documentation & Support Launcher
Sonic RecordNow Copy
DivX Converter
Spy Sweeper
Games, Music, & Photos Launcher
DivX Web Player
QuickSet
Microsoft .NET Framework 1.1
MCU
Internet Service Offers Launcher
Digital Line Detect

Finished
jarettcahoj is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 03-02-2007, 05:37 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 19,079
OS: WinXP and Vista


I still need the following logs in order to continue:

Quote:
Originally Posted by Ried
Please include the following in your next reply:

C:\SDFix\Report.txt
Panda results
ComboScan.txt
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 03-02-2007, 05:45 PM   #8 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: WinXP


http://www.thespykiller.co.uk/forum/...p?topic=3714.0

this is the link for the aibewan file that you requested. When I try to use the Pandascan it gets through about 17xxx files and hits an mp3 file and freezes on it each time. I just deleted that file and now I am trying again; although pandascan had found 35 spyware items in the small amount that it had scanned :S
Anyways, I will get everything else that you asked finished asap. Thank you very much for your assistance and response times!
jarettcahoj is offline  
Digg this Post!Add Post to del.icio.us