Tech Support Forum > Security Center > HijackThis Log Help
05-23-2008, 03:07 PM   #1
Registered User
 
Join Date: May 2008
Posts: 8
OS: xp


HJT Please Analyze (I'm Clueless)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:28 PM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\Aston\aston.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {82B7BB6A-4FC8-4B9B-95B9-E0E7D7476325} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0 DIAMOND\Vcs3RT.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tonya\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1137205598310
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137205591232
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: byxvwuu - byxvwuu.dll (file missing)
O20 - Winlogon Notify: mljji - C:\WINDOWS\
O21 - SSODL: bdkpfxqw - {AC75B5BA-1174-49BB-93B8-FEBDCA356DE5} - C:\WINDOWS\bdkpfxqw.dll
O21 - SSODL: qadovnel - {26D1A944-7429-426B-A4B6-CD93388E3AC1} - C:\WINDOWS\qadovnel.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://image05.webshots.com/5/9/53/3...7Rkoakq_ph.jpg
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
RJC1989 is offline  
05-23-2008, 05:29 PM   #2
Analyst, Security Team
 
Join Date: Jul 2004
Location: New York
Posts: 14,327
OS: Windows 98 & Windows XP Home/Pro


Re: HJT Please Analyze (I'm Clueless)

One thing to set straight before we continue. We are ALL volunteers here and if we can be patient, so can you. There is no reason for you to bump multiple times or create this new topic for that matter. Doing so will not get you a faster response. If anything, some of us will ignore users that abuse this free support we provide.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Viewpoint

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {82B7BB6A-4FC8-4B9B-95B9-E0E7D7476325} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O20 - Winlogon Notify: byxvwuu - byxvwuu.dll (file missing)
O20 - Winlogon Notify: mljji - C:\WINDOWS\
O21 - SSODL: bdkpfxqw - {AC75B5BA-1174-49BB-93B8-FEBDCA356DE5} - C:\WINDOWS\bdkpfxqw.dll
O21 - SSODL: qadovnel - {26D1A944-7429-426B-A4B6-CD93388E3AC1} - C:\WINDOWS\qadovnel.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://image05.webshots.com/5/9/53/3...7Rkoakq_ph.jpg
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\Viewpoint\
C:\Program Files\Common Files\Viewpoint\
C:\WINDOWS\bdkpfxqw.dll
C:\WINDOWS\qadovnel.dll
C:\WINDOWS\privacy_danger\


Don't worry if you can't remove any of the files/folders above. Proceed with the below....

1. Download combofix at http://www.techsupportforum.com/sect...s/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe. Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.

greyknight17 is offline  
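An added example, not from this thread, from HijackThis or from the analyst: a Python triage pass over the log format posted above. It parses each `Rn`/`On` entry and flags the structural tells behind the entries the analyst selected for 'Fix Checked' (orphaned `(no file)`/`(file missing)` entries, a `Shell=` value with something appended to explorer.exe, Winlogon Notify/SSODL DLLs sitting in the Windows root or with no file name, about:blank page settings, any Active Desktop component). Those heuristics are my reading of the analyst's choices, not a documented rule set; the sample input is a subset of the real log lines from post #1.

```python
import re
from dataclasses import dataclass

# Triage heuristics written for this thread (not HijackThis code, not the analyst's
# tooling). They catch structural tells only; knowing which BHOs and toolbars are
# adware still takes a human.
HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
WINDOWS_ROOT_FILE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def parse_entry(line):
    """Split one HJT line into (section, body); None for headers and the process list."""
    match = HJT_ENTRY.match(line.strip())
    if not match:
        return None
    return match.group("section"), match.group("body")


def triage_line(line):
    """Return the reasons an entry deserves a human look ([] if none fire)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons = []

    # Registered component whose file is gone: half-removed software, or malware
    # whose payload was deleted while its hooks were left behind.
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned entry: registered file is missing")

    # R0/R1 pointing at about:blank: harmless alone, but a common hijacker leftover;
    # the analyst in this thread listed every such entry for 'Fix Checked'.
    if section in ("R0", "R1") and body.rstrip().endswith("= about:blank"):
        reasons.append("IE page setting reset to about:blank")

    # F2 Shell= must be explorer.exe alone; anything appended after a comma is
    # started by winlogon at every logon (in this log: a second 'svchost.exe').
    if section == "F2":
        shell = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
        if shell:
            parts = [p.strip().lower() for p in shell.group(1).split(",") if p.strip()]
            if parts != ["explorer.exe"]:
                reasons.append("Shell= is not plain explorer.exe: " + shell.group(1).strip())

    # O20 Winlogon Notify / O21 SSODL load DLLs into winlogon.exe / explorer.exe.
    # Legitimate ones live under system32; a DLL dropped straight into C:\WINDOWS,
    # or a path with no file name at all, is what the analyst had removed here.
    if (section == "O20" and body.startswith("Winlogon Notify")) or section == "O21":
        path = body.split(" - ")[-1].strip()
        if path.endswith("\\"):
            reasons.append("Winlogon/SSODL path has no file name")
        elif WINDOWS_ROOT_FILE.match(path):
            reasons.append("Winlogon/SSODL DLL sits in the Windows root directory")

    # O24 Active Desktop components are rarely set on purpose; rogue "privacy
    # warning" wallpapers are installed this way, so each one gets confirmed.
    if section == "O24":
        reasons.append("Active Desktop component: confirm it was set intentionally")

    return reasons


def triage_log(text):
    """Run triage_line over a whole log and collect the flagged entries in order."""
    findings = []
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(parse_entry(line)[0], line.strip(), reasons))
    return findings


# Sample input: a subset of the HijackThis log from post #1 (real lines from the
# thread), mixing entries the analyst flagged with ones he left alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - (no file)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: byxvwuu - byxvwuu.dll (file missing)
O20 - Winlogon Notify: mljji - C:\WINDOWS\
O21 - SSODL: bdkpfxqw - {AC75B5BA-1174-49BB-93B8-FEBDCA356DE5} - C:\WINDOWS\bdkpfxqw.dll
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding.section, "|", "; ".join(finding.reasons), "|", finding.line)
```

Entries that pass the heuristics (the Yahoo default page, UserInit, the NetWare LSP) are the same ones the analyst left alone, while the eight flagged lines all appear in his 'Fix Checked' list.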
05-23-2008, 06:14 PM   #3
Registered User
 
Join Date: May 2008
Posts: 8
OS: xp


Re: HJT Please Analyze (I'm Clueless)

This log is huge... but I'm sure you already know that :)
And dude, I only started a new thread because I couldn't find the other one this morning... sorry, next time I'll bookmark lol

ComboFix 08-05-21.3 - Tonya 2008-05-23 20:52:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.734 [GMT -4:00]
Running from: C:\Documents and Settings\Tonya\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Activision\Rome - Total War\Data\banners\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_building\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_building\TEXTURES\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_strat\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_strat\residences\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_strat\residences\textures\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_strat\textures\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_strat\textures\scale_me\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_strat\textures\scale_me\scale_more\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_unit\Desktop_.ini
C:\Program Files\Activision\Rome - Total War\Data\models_unit\Textures\Desktop_.ini
C:\Program Files\Common Files\{3C608~1
C:\Program Files\Common Files\{3C608~1\Uninst.exe
C:\Program Files\Common Files\{9C608~1
C:\Program Files\Google\googletoolbar1.dll
C:\Program Files\Helper
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\com\pcsd.dll
C:\Program Files\PC-Cleaner\Uninstall.exe
C:\smp.bat
C:\WINDOWS\a.bat
C:\WINDOWS\assys.dll
C:\WINDOWS\bdkpfxqw.dll
C:\WINDOWS\bdn.com
C:\WINDOWS\ffnsys.dll
C:\WINDOWS\gstcore.dll
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mfnsys.dll
C:\WINDOWS\mssecu.exe
C:\WINDOWS\qadovnel.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\rsczsys.dll
C:\WINDOWS\snsys.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.bak2
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ijjlm.tmp
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\uawin.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\xbaqktfv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-21 12:50 . 2008-05-21 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 12:50 . 2008-05-21 12:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 11:44 . 2008-05-09 11:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-08 19:17 . 2008-05-08 19:17 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-08 19:17 . 2008-05-08 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-02 09:42 . 2008-05-02 09:42 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-04-29 16:49 . 2004-08-04 01:59 49,536 --a------ C:\WINDOWS\system32\drivers\aw4gd6el.sys
2008-04-29 12:56 . 2008-04-29 12:56 <DIR> d----c--- C:\CAVEDOG
2008-04-29 10:55 . 2008-05-15 11:22 <DIR> d-------- C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons
2008-04-28 22:27 . 2008-04-29 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zohgjkfm
2008-04-26 12:46 . 2004-08-04 01:59 49,536 --a------ C:\WINDOWS\system32\drivers\add3li3v.sys
2008-04-25 17:16 . 2004-08-04 01:59 49,536 --a------ C:\WINDOWS\system32\drivers\acbmuj02.sys
2008-04-25 14:01 . 2008-04-25 14:02 <DIR> d-------- C:\Program Files\mIRC
2008-04-25 14:01 . 2008-04-25 14:13 <DIR> d-------- C:\Documents and Settings\Tonya\Application Data\mIRC
2008-04-24 17:21 . 2004-08-04 01:59 49,536 --a------ C:\WINDOWS\system32\drivers\agg8u61n.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 01:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-24 00:53 --------- d-----w C:\Program Files\Google
2008-05-24 00:39 --------- d-----w C:\Documents and Settings\Tonya\Application Data\Viewpoint
2008-05-24 00:03 --------- d-----w C:\Program Files\Steam
2008-05-23 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-22 14:11 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-14 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 00:21 --------- d-----w C:\Documents and Settings\Tonya\Application Data\teamspeak2
2008-05-10 13:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 16:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 17:59 --------- d-----w C:\Documents and Settings\Tonya\Application Data\Aston
2008-04-25 22:59 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-04-18 16:51 --------- d-----w C:\Program Files\Activision
2008-04-06 15:50 --------- d-----w C:\Program Files\Ubisoft
2008-04-04 17:27 --------- d-----w C:\Program Files\Microsoft Games
2008-04-04 00:53 --------- d-----w C:\Program Files\OpenAL
2007-12-08 17:44 22,328 ----a-w C:\Documents and Settings\Tonya\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"ares"="C:\Program Files\Ares\Ares.exe" [2006-07-15 06:34 1212928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 12:04 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:56 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tonya^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Tonya\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tonya^Start Menu^Programs^Startup^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2gb4i3hn]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2006-07-15 06:34 1212928 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
--a------ 2004-12-01 16:28 69709 C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
--a------ 2004-12-01 16:32 106575 C:\Program Files\ATI Multimedia\main\launchpd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
--a------ 2004-08-27 00:51 200704 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-02-01 22:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-09-06 06:06 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-12-20 11:45 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2007-10-26 12:04 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMLoader]
c:\program files\crystalys media\cm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cwingllib]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 16:09 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
--a------ 2003-05-12 15:02 270336 C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gdbvljew]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-02-26 03:06 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HookUpFinder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1137247716\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iss7328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmlcv4m]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kaspersky Anti-Virus Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvcdmsys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareBot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mlibsysmc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-05-29 21:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-27 21:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
--a------ 2006-08-30 13:46 183367 C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 03:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 15:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xfire Music]
--a------ 2006-11-20 22:12 253650 C:\Program Files\Xfire\xfiremusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 14:08 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymmsddlop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-03-28 18:10 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzfqdy.dll]
C:\WINDOWS\system32\zzfqdy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"AVGEMS"=2 (0x2)
"Netlogon"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"GoogleDesktopManager-010108-205858"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\counter-strike\\hl.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137247716\\ee\\aim6.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\half-life 2\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Nexon\\Common\\NMService.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\half-life\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\team fortress classic\\hl.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137247716\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Steam\\SteamApps\\yannison8792\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\yannison8792\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\flipside65\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\flipside65\\counter-strike source beta\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\flipside65\\day of defeat source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4 Demo\\Civilization4.exe"=
"C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"C:\\Program Files\\Atari\\Deer Hunter 2005\\DH2005.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Microsoft Games\\Allegiance\\Allegiance.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 14:58]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-30 13:24]
R3 tapgamerail;GameRail Adapter;C:\WINDOWS\system32\DRIVERS\tapgamerail.sys [2008-01-10 13:38]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-15 19:03]
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\Tonya\LOCALS~1\Temp\iMSPQMn.sys []
S4 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-26 03:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 01:05:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-23 19:00:37 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-24 01:03:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-22 07:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\Aston\Aston.exe
C:\PROGRA~1\Aston\XP\internat.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-05-23 21:08:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 01:08:26

Pre-Run: 14,605,672,448 bytes free
Post-Run: 14,736,977,920 bytes free

366 --- E O F --- 2008-05-23 10:58:27

Last edited by RJC1989 : 05-23-2008 at 06:15 PM.
Old 05-24-2008, 04:20 PM   #4 (permalink)
greyknight17
Analyst, Security Team
Join Date: Jul 2004
Location: New York
Posts: 14,327
OS: Windows 98 & Windows XP Home/Pro

Re: HJT Please Analyze (Im Clueless)

Log is actually not long at all....

You have AVG Antivirus, Avast and Kaspersky Lite installed there. You should only have one antivirus program running on your computer. Decide which one to keep and uninstall the other two.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
Driver::
iMSPQMn
File::
C:\WINDOWS\system32\drivers\add3li3v.sys
C:\WINDOWS\system32\drivers\acbmuj02.sys
C:\WINDOWS\system32\zzfqdy.dll
C:\WINDOWS\system32\drivers\aw4gd6el.sys
C:\WINDOWS\system32\drivers\agg8u61n.sys
Folder::
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons
C:\Documents and Settings\All Users\Application Data\zohgjkfm
c:\program files\crystalys media\
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2gb4i3hn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMLoader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cwingllib]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gdbvljew]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iss7328]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmlcv4m]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvcdmsys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareBot]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mlibsysmc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLoad32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymmsddlop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzfqdy.dll]
Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.

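Added example (editor's note, not part of the thread and not ComboFix's own code): a small Python triage script that reads a ComboFix-style log in the format shown above, nominates the kinds of entries greyknight17 put in the CFScript (a driver whose image sits in a user's Temp folder with no file on disk, a DLL used directly as an autostart target, empty startupreg keys with machine-generated names) and prints them in CFScript's Driver::/File::/Registry:: layout. It also flags the "3389:TCP" GloballyOpenPorts entry from the log, which means Remote Desktop is reachable from any network the XP firewall's standard profile applies to. The sample log is constructed from lines quoted in this thread, the heuristics (the vowel-ratio test, the Temp-path rule) are the editor's assumptions rather than ComboFix or forum rules, and the output is a list for an analyst to review, not something to run blindly.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's code).
Parses disabled autostarts under msconfig\\startupreg, driver lines of the form
"S3 name;desc;path [date]" and the firewall's GloballyOpenPorts list, then emits
CFScript sections (Driver::, File::, Registry::) in the layout the analyst used.
The heuristics are crude on purpose and only nominate candidates for review."""
import re

STARTUPREG = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"

# Constructed sample assembled from lines quoted in the thread; not a full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymmsddlop]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzfqdy.dll]
C:\WINDOWS\system32\zzfqdy.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-30 13:24]
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\Tonya\LOCALS~1\Temp\iMSPQMn.sys []
"""

KEY_RE = re.compile(r"\[" + re.escape(STARTUPREG) + r"\\(.+)\]$", re.I)
STAT_RE = re.compile(r"^[-a-zA-Z]{9}\s+\S+\s+\S+\s+\d+\s+(.*)$")  # attrs date time size path
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
VOWELS = set("aeiou")


def parse_startupreg(log):
    """Map each startupreg entry name to its target path, or None if listed empty."""
    entries, lines = {}, log.splitlines()
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if not m:
            continue
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if not nxt or nxt.startswith("["):
            entries[m.group(1)] = None
            continue
        stat = STAT_RE.match(nxt)  # ComboFix stats files it found; a bare path means it did not
        entries[m.group(1)] = stat.group(1) if stat else nxt
    return entries


def parse_drivers(log):
    """Driver/service lines as (start type, name, image path, date stamp) tuples."""
    return [(m.group(1), m.group(2), m.group(4), m.group(5))
            for m in map(DRIVER_RE.match, log.splitlines()) if m]


def parse_open_ports(log):
    """(port, proto) pairs listed under the GloballyOpenPorts key."""
    ports, in_section = [], False
    for line in log.splitlines():
        if line.startswith("["):
            in_section = "GloballyOpenPorts" in line
        elif in_section and PORT_RE.match(line):
            port, proto = PORT_RE.match(line).groups()
            ports.append((int(port), proto))
    return ports


def looks_random(name):
    """Crude test for generated names (ymmsddlop, 2gb4i3hn): lowercase letters and
    digits only, six or more characters, and a digit or very few vowels.  It also
    flags some real names (msnmsgr), so triage() applies it to empty entries only."""
    if name != name.lower() or not re.fullmatch(r"[a-z0-9]{6,}", name):
        return False
    if any(ch.isdigit() for ch in name):
        return True
    return sum(ch in VOWELS for ch in name) / len(name) < 0.25


def triage(log):
    """Nominate CFScript entries and side notes from one log."""
    f = {"drivers": [], "files": [], "registry": [], "notes": []}
    for name, target in parse_startupreg(log).items():
        key = "[-" + STARTUPREG + "\\" + name + "]"
        if target is None and looks_random(name):
            f["registry"].append(key)
        elif target and target.lower().endswith(".dll"):
            f["files"].append(target)  # a bare DLL as autostart target is a loader entry
            f["registry"].append(key)
    for _start, name, path, stamp in parse_drivers(log):
        # kernel drivers do not belong in a Temp directory; an empty [] means no image on disk
        if "\\temp\\" in path.lower() or not stamp:
            f["drivers"].append(name)
    for port, proto in parse_open_ports(log):
        if (port, proto) == (3389, "TCP"):
            f["notes"].append("TCP/3389 (Remote Desktop) is open in the standard firewall profile")
    return f


def cfscript(findings):
    """Render findings as CFScript text, sections in the order the analyst used."""
    out = []
    for header, key in (("Driver::", "drivers"), ("File::", "files"), ("Registry::", "registry")):
        if findings[key]:
            out.append(header)
            out.extend(findings[key])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(cfscript(triage(SAMPLE_LOG)))
```

Run it as-is to see the script it would build from the sample, or pass the text of a real log to triage() for candidates. A legitimate empty entry such as Steam is left alone, while a name like msnmsgr would trip the vowel test if its key were empty, which is why that test is confined to keys with no recorded target; a human still makes the final call, exactly as in the thread.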
Old 05-27-2008, 04:00 PM   #5 (permalink)
RJC1989
Registered User
Join Date: May 2008
Posts: 8
OS: xp

Re: HJT Please Analyze (Im Clueless)

Quote:
Originally Posted by greyknight17
You have AVG Antivirus, Avast and Kaspersky Lite installed there. You should only have one antivirus program running on your computer. Decide which one to keep and uninstall the other two.
What folders are these located in? Can I just erase the folders?


Log:


ComboFix 08-05-21.3 - Tonya 2008-05-27 18:37:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.761 [GMT -4:00]
Running from: C:\Documents and Settings\Tonya\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tonya\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\acbmuj02.sys
C:\WINDOWS\system32\drivers\add3li3v.sys
C:\WINDOWS\system32\drivers\agg8u61n.sys
C:\WINDOWS\system32\drivers\aw4gd6el.sys
C:\WINDOWS\system32\zzfqdy.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\zohgjkfm
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Aston.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Battle Grounds 2 1.1b.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\BitComet.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\CCleaner.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\DAEMON Tools.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Google Earth.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\HijackThis.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Internet.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\My Computer.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Photo2Album.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Pirates, Vikings and Knights II.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\RegCure.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Resident Evil 4 (mouse support).lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Resident Evil 4.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Steam.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\System Restore.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\The Sims 2 Open For Business.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Xfire.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Yahoo! Mail.lnk
C:\Documents and Settings\Tonya\Application Data\TmpRecentIcons\Yahoo! Messenger.lnk
C:\WINDOWS\system32\drivers\acbmuj02.sys
C:\WINDOWS\system32\drivers\add3li3v.sys
C:\WINDOWS\system32\drivers\agg8u61n.sys
C:\WINDOWS\system32\drivers\aw4gd6el.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IMSPQMN
-------\Service_iMSPQMn


((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-21 12:50 . 2008-05-21 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 12:50 . 2008-05-21 12:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 11:44 . 2008-05-09 11:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-08 19:17 . 2008-05-08 19:17 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-08 19:17 . 2008-05-08 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-02 09:42 . 2008-05-02 09:42 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-04-29 12:56 . 2008-04-29 12:56 <DIR> d----c--- C:\CAVEDOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 22:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 15:38 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-24 01:23 --------- d-----w C:\Program Files\Steam
2008-05-24 00:53 --------- d-----w C:\Program Files\Google
2008-05-24 00:39 --------- d-----w C:\Documents and Settings\Tonya\Application Data\Viewpoint
2008-05-23 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-14 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 00:21 --------- d-----w C:\Documents and Settings\Tonya\Application Data\teamspeak2
2008-05-10 13:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 16:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 17:59 --------- d-----w C:\Documents and Settings\Tonya\Application Data\Aston
2008-04-25 22:59 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-04-25 18:13 --------- d-----w C:\Documents and Settings\Tonya\Application Data\mIRC
2008-04-25 18:02 --------- d-----w C:\Program Files\mIRC
2008-04-18 16:51 --------- d-----w C:\Program Files\Activision
2008-04-06 15:50 --------- d-----w C:\Program Files\Ubisoft
2008-04-04 17:27 --------- d-----w C:\Program Files\Microsoft Games
2008-04-04 00:53 --------- d-----w C:\Program Files\OpenAL
2007-12-08 17:44 22,328 ----a-w C:\Documents and Settings\Tonya\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"ares"="C:\Program Files\Ares\Ares.exe" [2006-07-15 06:34 1212928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 12:04 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:56 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tonya^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Tonya\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tonya^Start Menu^Programs^Startup^Xfire.lnk]
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2006-07-15 06:34 1212928 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
--a------ 2004-12-01 16:28 69709 C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
--a------ 2004-12-01 16:32 106575 C:\Program Files\ATI Multimedia\main\launchpd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
--a------ 2004-08-27 00:51 200704 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-02-01 22:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-09-06 06:06 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-12-20 11:45 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2007-10-26 12:04 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 16:09 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
--a------ 2003-05-12 15:02 270336 C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-02-26 03:06 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HookUpFinder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1137247716\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kaspersky Anti-Virus Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-05-29 21:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-27 21:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
--a------ 2006-08-30 13:46 183367 C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 03:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 15:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xfire Music]
--a------ 2006-11-20 22:12 253650 C:\Program Files\Xfire\xfiremusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 14:08 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-03-28 18:10 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"AVGEMS"=2 (0x2)
"Netlogon"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"GoogleDesktopManager-010108-205858"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\counter-strike\\hl.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137247716\\ee\\aim6.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\half-life 2\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\condition zero\\hl.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Nexon\\Common\\NMService.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\half-life\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\team fortress classic\\hl.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1137247716\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Steam\\SteamApps\\yannison8792\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\yannison8792\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\flipside65\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\flipside65\\counter-strike source beta\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\flipside65\\day of defeat source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4 Demo\\Civilization4.exe"=
"C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"C:\\Program Files\\Atari\\Deer Hunter 2005\\DH2005.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Microsoft Games\\Allegiance\\Allegiance.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Steam\\SteamApps\\jaygod\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 14:58]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-30 13:24]
R3 tapgamerail;GameRail Adapter;C:\WINDOWS\system32\DRIVERS\tapgamerail.sys [2008-01-10 13:38]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-15 19:03]
S4 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-26 03:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 22:50:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-23 19:00:37 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-27 22:48:16 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-22 07:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\Aston\Aston.exe
C:\PROGRA~1\Aston\XP\internat.exe
.
**************************************************************************
.
Completion time: 2008-05-27 18:54:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 22:53:48
ComboFix2.txt 2008-05-24 01:08:42

Pre-Run: 16,095,268,864 bytes free
Post-Run: 16,092,962,816 bytes free

303 --- E O F --- 2008-05-23 10:58:27
Old 05-27-2008, 05:31 PM   #6 (permalink)
greyknight17
Analyst, Security Team
Join Date: Jul 2004
Location: New York
Posts: 14,327
OS: Windows 98 & Windows XP Home/Pro

Re: HJT Please Analyze (Im Clueless)

No. Go to Start->Settings->Control Panel->Add/Remove Programs panel and uninstall them from there. Then, if the folders are still there, you may delete them.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
Old 05-27-2008, 06:09 PM   #7 (permalink)
RJC1989
Registered User
Join Date: May 2008
Posts: 8
OS: xp

Re: HJT Please Analyze (Im Clueless)

I can't find Kaspersky Lite... And my lag issues still persist.