#1
Registered User
Join Date: Aug 2008
Posts: 17
OS: Windows XP SP2
Well, so far I've gone through every resource I have, which usually completely destroys any virus/malware/trojan/unwanted files I have, but these DLLs I have messing with me just refuse to be destroyed. I'm gonna post my entire HijackThis log, but I do want to pull your main focus to the following items, as they are the ones that my XoftSpy SE and Security Task Manager have found to be the threats and yet can't get rid of, and those are everything in the O21 section. So here goes, hopefully someone out there can help me solve this cause I've exhausted everything I know to do. Also, if you happen to notice anything besides those that needs to be smashed into a billion pieces, please let me know. Here goes!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:27 PM, on 8/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\lxdmcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=66005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.3929.cn?tn=102722
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=66005
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fantamorph.com/download.htm#update
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTB05199 - {A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [lxdmmon.exe] "C:\Program Files\Lexmark 5000 Series\lxdmmon.exe"
O4 - HKLM\..\Run: [lxdmamon] "C:\Program Files\Lexmark 5000 Series\lxdmamon.exe"
O4 - HKLM\..\Run: [Lexmark 5000 Series Fax Server] "C:\Program Files\Lexmark 5000 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Use as &Display Picture - C:\Program Files\IEDP2\IEDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Netdisaster - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Netdisaster - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46...abblecubes.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47...amesLoader.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fubar.com/imgs/ImageUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fubar.com/imgs/ImageUploader4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll
O21 - SSODL: dpwnktwo.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\dpwnktwo.dll
O21 - SSODL: lweurqhx.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\system32\lweurqhx.dll
O21 - SSODL: adsntzt.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll
O21 - SSODL: msobjstl.dll - {319675CC-4129-497f-8C7F-E2F48251019E} - C:\WINDOWS\system32\msobjstl.dll
O21 - SSODL: dispexcb.dll - {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll
O21 - SSODL: catsrvwl.dll - {AF976DCD-754F-4ac2-BE49-951DC7AA57D2} - C:\WINDOWS\system32\catsrvwl.dll
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll
O21 - SSODL: slbiopfs2.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll
O21 - SSODL: comuidsg.dll - {898E02AB-9372-4a2c-9C4A-FFE1AF61097F} - C:\WINDOWS\system32\comuidsg.dll
O21 - SSODL: twainyy.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\twainyy.dll
O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll
O21 - SSODL: dpvvoxmh.dll - {2876D76C-CAAA-4313-AF97-8D1D9A2A1087} - C:\WINDOWS\system32\dpvvoxmh.dll
O21 - SSODL: bootvidgj.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fb_inet_server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdmCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe
O23 - Service: lxdm_device - - C:\WINDOWS\system32\lxdmcoms.exe
O23 - Service: DurrentControlSetione (MsWin32Reggdit) - Unknown owner - C:\WINDOWS\system32\serev.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.broomop.com/Bomberman/signup.php?img=1

--
End of file - 17426 bytes

Whoops, forgot this, sorry.

Last edited by TheBruce1; 08-25-2008 at 09:53 AM.
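Added example (not part of the original post, and not code from HijackThis or Trend Micro): a small Python triage pass over the kinds of lines this log contains. The O21 entries the poster singles out are ShellServiceObjectDelayLoad objects, which Explorer loads at every logon, and the O20 line is AppInit_DLLs, which gets mapped into every process that loads user32.dll; both are persistence points, and in this log every SSODL entry is a randomly named DLL in system32 whose display name is just its own filename. The script parses R0/R1, O20, O21 and O23 lines, flags those two patterns plus start-page and search hijacks and services with no vendor string or a missing binary, and runs against ten lines copied from the log above. The expected-domain set, the "random-looking name" heuristic and the severity labels are assumptions for the example; treat the output as a triage aid, not a verdict (PnkBstrA and PnkBstrB further up the same log are PunkBuster and would also be listed for review, since they report "Unknown owner").

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: ten lines copied from the HijackThis log posted
# above, including two benign ones (the HKLM start page and the NVIDIA
# service) so the rules have something to leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.3929.cn?tn=102722
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - AppInit_DLLs: zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll
O21 - SSODL: dpwnktwo.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\dpwnktwo.dll
O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll
O23 - Service: DurrentControlSetione (MsWin32Reggdit) - Unknown owner - C:\WINDOWS\system32\serev.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
"""

# Domains the browser settings on this box are expected to point at.
# An assumption for this example: the HP redirect is the OEM default in
# the log above and google.com is what the owner set. Tune per machine.
EXPECTED_BROWSER_DOMAINS = {"www.google.com", "ie.redirect.hp.com"}

HJT_ENTRY = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<rest>.*)$")
BROWSER_SETTING = re.compile(
    r"^HK\w+\\Software\\Microsoft\\Internet Explorer\\[^,]+,"
    r"(?P<setting>[^=]+?)\s*=\s*(?P<url>.*)$")
SSODL_ENTRY = re.compile(
    r"^SSODL:\s+(?P<name>\S+)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.+)$")
# HJT separates name, vendor and path with " - "; the vendor field may be
# empty, and a service name that itself contains " - " will mis-split.
SERVICE_ENTRY = re.compile(
    r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.*?)\s*-\s+(?P<path>.+)$")


@dataclass
class Finding:
    line_no: int
    section: str
    severity: str  # "high" or "review"
    reason: str
    line: str


def domain_of(url: str) -> str:
    """Host part of a URL as HJT prints it (scheme optional)."""
    url = re.sub(r"^[a-z][a-z0-9+.-]*://", "", url.strip(), flags=re.I)
    return re.split(r"[/?:#]", url, maxsplit=1)[0].lower()


def looks_random(stem: str) -> bool:
    """Crude test for generated names: almost no vowels, or a four-consonant run."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 4:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return (vowels / len(letters) < 0.25
            or re.search(r"[bcdfghjklmnpqrstvwxz]{4}", stem.lower()) is not None)


def triage(log_text: str) -> List[Finding]:
    """Walk an HJT log and return the entries worth a second look, in log order."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.strip().splitlines(), start=1):
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")

        def flag(severity: str, reason: str) -> None:
            findings.append(Finding(line_no, sec, severity, reason, line))

        if sec in ("R0", "R1"):
            # Start page / search settings redirected away from the expected domains.
            b = BROWSER_SETTING.match(rest)
            if b and b.group("url").strip():
                dom = domain_of(b.group("url"))
                if dom and dom not in EXPECTED_BROWSER_DOMAINS:
                    flag("high", f"{b.group('setting')} points at unexpected domain {dom}")
        elif sec == "O20":
            # AppInit_DLLs (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows)
            # is loaded into every process that maps user32.dll; a non-empty value
            # is almost never legitimate on a home XP box.
            dlls = [d.strip() for d in rest.split(":", 1)[-1].split(",") if d.strip()]
            if dlls:
                odd = [d for d in dlls if looks_random(d.rsplit(".", 1)[0])]
                reason = (f"AppInit_DLLs injects {len(dlls)} DLL(s) into every "
                          f"user-mode process: {', '.join(dlls)}")
                if odd:
                    reason += f"; random-looking: {', '.join(odd)}"
                flag("high", reason)
        elif sec == "O21":
            # ShellServiceObjectDelayLoad entries are COM objects Explorer loads at
            # logon. Real ones carry a descriptive name; an entry named after its
            # own DLL in system32 is the pattern every O21 line in the log shows.
            s = SSODL_ENTRY.match(rest)
            if s:
                base = s.group("path").rsplit("\\", 1)[-1]
                if s.group("name").lower() == base.lower():
                    flag("high", f"SSODL entry named after its own DLL ({base}), loaded by Explorer at logon")
                elif looks_random(base.rsplit(".", 1)[0]):
                    flag("review", f"SSODL entry loads random-looking {base}")
        elif sec == "O23":
            s = SERVICE_ENTRY.match(rest)
            if s:
                owner, path = s.group("owner").strip(), s.group("path")
                if "(file missing)" in path:
                    flag("review", f"service '{s.group('name')}' is orphaned (file missing)")
                elif owner.lower() in ("", "unknown owner"):
                    flag("review", f"service '{s.group('name')}' has no vendor string and runs {path}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] line {f.line_no:2} {f.section:4} {f.reason}")
```

Run it as-is and it prints one line per finding for the embedded sample; to triage a whole log, pass the file contents to triage() instead of SAMPLE_LOG. Anything it reports still needs a look at the file itself (signature, size, creation time), which is what the moderator's RSIT and ComboFix requests below are for.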
#4
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,143
OS: XP
Re: Unfixable Issue
Hello and welcome to TSF

=========
Logs Required
Log.txt
Info.txt
#5
Registered User
Join Date: Aug 2008
Posts: 17
OS: Windows XP SP2
Re: Unfixable Issue
I'm not sure how unusual this is, but my RSIT won't complete. It gets to "Performing Registry Dump" and then just sticks there. I'm not sure if this says anything to you, but I attempted to run ComboFix as one of my personal fix attempts before actually deciding to come ask for help with whatever this is, and I let ComboFix run for FIVE DAYS STRAIGHT and it still never completed. I didn't shut off the computer or touch it for 5 entire days and it never finished. Getting to "Step 5 completed" took around 9 hours by itself. So I'm not sure what other steps we can take to attempt to make it so RSIT or ComboFix can even complete their own tasks to begin with. Whatever this virus is, it's a mean one that refuses to back down, and it seems to only get worse, adding new processes almost every day.
#6
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,143
OS: XP
Re: Unfixable Issue
First of all, you should not be running ComboFix in an unsupervised environment. ComboFix is not a general purpose tool, nor does it just remove infections; it was created by and to be used solely by security analysts.

Please disconnect from the internet, reboot the system and run ComboFix, then RSIT. If ComboFix fails to run again, boot into Safe Mode and run ComboFix there, then boot back into normal mode and run RSIT.

How to boot into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Log in on your usual account. Make sure to close any open browsers.
#7
Registered User
Join Date: Aug 2008
Posts: 17
OS: Windows XP SP2
Re: Unfixable Issue
Sorry this response took so long, but the issue got so bad that Windows was no longer loading, so I had to go ahead and use the Recovery Console to reinstall Windows so that whatever essential files were apparently messed up were replaced. Whatever this issue is, it has persisted beyond the Windows reinstall, but it's not quite as bad now. I was finally able to run ComboFix and RSIT as well as a few other scans I chose to do on my own. I shall post all logs I have for you to inspect, from first to last, since I decided to run each of the other scans after ComboFix so it would have a chance to clear out whatever and then the following scans would only have the leftovers. So I shall do ComboFix, RSIT Log and RSIT Info, HJT, Malwarebytes' Anti-Malware, and finally AVZ4. Here we go.
ComboFix 08-08-30.03 - Chris 2008-08-31 18:39:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.615 [GMT -5:00]
Running from: C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\auto.exe
C:\autorun.inf
C:\DOCUME~1\CHRISK~1.000\LOCALS~1\Temp\WowInitcode.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\lljydf16.ini
C:\Documents and Settings\All Users\lljydf32.ini
C:\Documents and Settings\All Users\zhqbdf16.ini
C:\Documents and Settings\All Users\zsmsdf32.ini
C:\Documents and Settings\All Users\zyndf16.ini
C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\macromedia\Flash Player\#SharedObjects\YEDZYXEK\interclick.com
C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\macromedia\Flash Player\#SharedObjects\YEDZYXEK\interclick.com\ud.sol
C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Chris.KITCHEN-COMP.000\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Chris.KITCHEN-COMP.000\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\macromedia\Flash Player\#SharedObjects\4CVQQR3K\interclick.com
C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\macromedia\Flash Player\#SharedObjects\4CVQQR3K\interclick.com\ud.sol
C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Judi.KITCHEN-COMP.000\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\BITS
C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\BITS\BITS.ini
C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\macromedia\Flash Player\#SharedObjects\DQSRFRZJ\bin.clearspring.com
C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\macromedia\Flash Player\#SharedObjects\DQSRFRZJ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\macromedia\Flash Player\#SharedObjects\DQSRFRZJ\interclick.com
C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\WINDOWS\2.exe
C:\WINDOWS\8.exe
C:\WINDOWS\system\llzjy080832.exe
C:\WINDOWS\system\zhnqbdf080822b.dll
C:\WINDOWS\system\zhqbs080822.exe
C:\WINDOWS\system\zyndle080822.exe
C:\WINDOWS\system32\495271CA.dll
C:\WINDOWS\system32\730B78A6.dll
C:\WINDOWS\system32\9CA963CA.dll
C:\WINDOWS\system32\bootvidgj.dll
C:\WINDOWS\system32\bootvidgj.nls
C:\WINDOWS\system32\catower.dll
C:\WINDOWS\system32\certmgrkd.dll
C:\WINDOWS\system32\certmgrkd.nls
C:\WINDOWS\system32\cxpops.dll
C:\WINDOWS\system32\dbii00.dll
C:\WINDOWS\system32\discard.ini
C:\WINDOWS\system32\dispexcb.dll
C:\WINDOWS\system32\dispexcb.nls
C:\WINDOWS\system32\drivers\HBKernel.sys
C:\WINDOWS\system32\drivers\msiffei.sys
C:\WINDOWS\system32\eoceps.dll
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\HBmhly.dll
C:\WINDOWS\system32\imgutilhx2.dll
C:\WINDOWS\system32\imgutilhx2.nls
C:\WINDOWS\system32\kncer30.dll
C:\WINDOWS\system32\knx32.dll
C:\WINDOWS\system32\lmtlsb.dll
C:\WINDOWS\system32\lweurqhx.nls
C:\WINDOWS\system32\mduaey.dll
C:\WINDOWS\system32\mduaeyk.exe
C:\WINDOWS\system32\msobjstl.dll
C:\WINDOWS\system32\msobjstl.nls
C:\WINDOWS\system32\rditl.dll
C:\WINDOWS\system32\rdtll.cfg
C:\WINDOWS\system32\rdtll.dll
C:\WINDOWS\system32\rdwddl.dll
C:\WINDOWS\system32\rdzxl.dll
C:\WINDOWS\system32\scrruncqsj.dll
C:\WINDOWS\system32\scrruncqsj.nls
C:\WINDOWS\system32\slbiopfs2.dll
C:\WINDOWS\system32\slbiopfs2.nls
C:\WINDOWS\system32\sufost.ini
C:\WINDOWS\system32\thermaltinc.dll
C:\WINDOWS\system32\tscfgwmijxsj.dll
C:\WINDOWS\system32\tscfgwmijxsj.nls
C:\WINDOWS\system32\Update.dat
C:\WINDOWS\system32\wllame.dll
C:\WINDOWS\system32\wrm32.dll
D:\auto.exe
D:\Autorun.inf
E:\auto.exe
E:\Autorun.inf
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HBKERNEL
-------\Legacy_RESSDT
-------\Legacy_SEUICTOL
-------\Service_HBKernel
-------\Service_msiffei
-------\Service_RESSDT
-------\Service_seuictol


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-31 17:06 . 2008-08-31 17:06 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-31 16:06 . 2008-08-31 16:06 884,512 --a------ C:\WINDOWS\system32\iyrhmksl.dll
2008-08-31 16:06 . 2008-08-31 16:06 36,352 --a------ C:\WINDOWS\system32\conimen.exe
2008-08-31 16:06 . 2008-08-31 16:06 20,480 --a------ C:\WINDOWS\system32\ixplrer.exe
2008-08-31 16:06 . 2008-08-31 16:06 2,432 --a------ C:\WINDOWS\system32\Fserys.sys
2008-08-31 16:06 . 2008-08-31 16:06 288 --a------ C:\WINDOWS\system32\iyrhmksl.nls
2008-08-31 16:05 . 2004-08-09 23:00 388,608 --a------ C:\WINDOWS\system32\tmpjj32df1.exe
2008-08-31 14:11 . 2008-08-31 14:11 711,456 --a------ C:\WINDOWS\system32\inetresdxc.dll
2008-08-31 14:11 . 2008-08-31 16:12 824 ---hs---- C:\WINDOWS\system32\rditl.cfg
2008-08-31 14:11 . 2008-08-31 16:06 552 ---hs---- C:\WINDOWS\system32\rdwddl.cfg
2008-08-31 14:11 . 2008-08-31 14:11 288 --a------ C:\WINDOWS\system32\vdtjvyuo.nls
2008-08-31 14:11 . 2008-08-31 14:11 288 --a------ C:\WINDOWS\system32\inetresdxc.nls
2008-08-31 14:11 . 2008-08-31 16:06 280 ---hs---- C:\WINDOWS\system32\rdzxl.cfg
2008-08-31 14:05 . 2008-08-31 16:11 824 ---hs---- C:\WINDOWS\system32\lmtlsb.cfg
2008-08-31 14:04 . 2008-08-31 14:04 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\Malwarebytes
2008-08-31 14:04 . 2004-08-09 23:00 388,608 --a------ C:\WINDOWS\system32\tmplljydf2.exe
2008-08-31 14:04 . 2008-08-31 18:26 45,056 --a------ C:\WINDOWS\system\zjj32dla.dll
2008-08-31 14:04 . 2008-08-31 14:04 28,672 --a------ C:\WINDOWS\system32\cmbdaf.dll
2008-08-31 14:04 . 2008-08-31 14:04 11,776 --a------ C:\WINDOWS\system32\cmbdafk.exe
2008-08-31 01:57 . 2008-08-31 01:57 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\vlc
2008-08-31 01:15 . 2008-08-31 11:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 01:15 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-31 01:15 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-31 00:56 . 2008-08-31 00:56 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Malwarebytes
2008-08-31 00:56 . 2008-08-31 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 00:36 . 2004-10-11 11:19 323,584 --a------ C:\WINDOWS\system32\PYTHONCOM22.DLL
2008-08-31 00:22 . 2008-08-31 00:22 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-30 20:06 . 2008-08-30 20:06 <DIR> d---s---- C:\Documents and Settings\Judi.KITCHEN-COMP.000\UserData
2008-08-30 19:42 . 2008-08-30 19:42 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\MxBoost
2008-08-30 19:35 . 2008-08-30 19:35 0 --a------ C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\wklnhst.dat
2008-08-30 11:28 . 2008-08-31 00:38 280 ---hs---- C:\WINDOWS\system32\xsbvgzd.cfg
2008-08-30 11:27 . 2008-08-30 11:27 288 --a------ C:\WINDOWS\system32\zfvmswwu.nls
2008-08-30 11:27 . 2008-08-30 11:27 212 --ahs---- C:\WINDOWS\system32\9CA963CA.cfg
2008-08-30 07:24 . 2008-08-30 07:24 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\MxBoost
2008-08-30 07:21 . 2008-08-30 07:21 232 --ahs---- C:\WINDOWS\system32\495271CA.cfg
2008-08-30 07:20 . 2008-08-30 07:20 11,776 --a------ C:\WINDOWS\system32\cxpopsk.exe
2008-08-30 07:20 . 2008-08-30 07:20 5,632 --a------ C:\WINDOWS\system32\iXPT.sys
2008-08-30 07:20 . 2008-08-30 07:20 224 --ahs---- C:\WINDOWS\system32\730B78A6.cfg
2008-08-30 07:19 . 2008-08-31 16:06 1,049,376 --a------ C:\WINDOWS\system32\xolehlpjh.dll
2008-08-30 07:19 . 2008-08-31 14:11 428 --a------ C:\WINDOWS\system32\xolehlpjh.nls
2008-08-30 01:53 . 2008-08-30 01:53 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\DAEMON Tools
2008-08-30 01:53 . 2008-08-30 01:53 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-30 01:37 . 2008-08-30 01:44 <DIR> d-------- C:\Program Files\MagicISO
2008-08-29 23:52 . 2008-08-30 01:35 5,120 --a------ C:\graph.grf
2008-08-29 23:49 . 2008-08-29 23:49 <DIR> d-------- C:\AV_LOGS
2008-08-29 22:59 . 2008-08-30 01:03 <DIR> d-------- C:\Program Files\AV WebCam Morpher
2008-08-29 22:06 . 2008-08-29 22:07 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Hamachi
2008-08-29 11:43 . 2008-08-29 11:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-29 10:58 . 2008-08-29 10:58 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\HPQ
2008-08-28 21:00 . 2008-08-28 21:00 0 --a------ C:\WINDOWS\system32\cid_store.dat
2008-08-28 20:36 . 2008-08-28 20:36 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\HPQ
2008-08-28 16:52 . 2008-08-28 16:52 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\ICQ
2008-08-28 10:11 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-28 10:11 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-28 10:11 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-28 09:49 . 2006-02-10 23:31 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\WINDOWS
2008-08-28 09:49 . 2008-08-19 21:31 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\SUPERAntiSpyware.com
2008-08-28 09:49 . 2007-04-17 01:31 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\MailFrontier
2008-08-28 09:49 . 2006-02-10 23:33 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\Intuit
2008-08-28 09:49 . 2008-08-30 20:06 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000
2008-08-28 09:39 . 2006-02-10 23:31 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\WINDOWS
2008-08-28 09:39 . 2008-08-19 21:31 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\SUPERAntiSpyware.com
2008-08-28 09:39 . 2007-04-17 01:31 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\MailFrontier
2008-08-28 09:39 . 2006-02-10 23:33 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\Intuit
2008-08-28 09:39 . 2008-08-28 20:02 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000
2008-08-28 05:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-28 05:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-28 05:08 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-28 05:08 . 2001-08-17 16:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-28 04:01 . 2008-08-28 04:03 <DIR> d--h----- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\ijjigame
2008-08-28 04:01 . 2008-06-17 19:28 710,064 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-08-28 04:01 . 2008-06-11 23:01 58,800 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-08-28 04:01 . 2003-07-19 01:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-08-28 04:01 . 2005-01-02 16:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-08-28 03:56 . 2008-08-31 18:23 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\MxBoost
2008-08-28 03:26 . 2008-08-31 14:12 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-08-28 03:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-28 03:18 . 2008-08-28 05:24 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Ventrilo
2008-08-28 03:09 . 2006-02-10 23:31 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\WINDOWS
2008-08-28 03:09 . 2008-08-19 21:31 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\SUPERAntiSpyware.com
2008-08-28 03:09 . 2007-04-17 01:31 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\MailFrontier
2008-08-28 03:09 . 2006-02-10 23:33 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Intuit
2008-08-28 03:09 . 2008-08-28 03:15 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000
2008-08-28 03:06 . 2008-08-28 03:06 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-28 03:06 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-28 03:06 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-28 03:04 . 2008-08-28 03:06 <DIR> d-------- C:\Program Files\Windows Live
2008-08-28 03:01 . 2006-06-01 13:47 163,840 --------- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-08-28 03:01 . 2006-06-01 13:47 27,648 --------- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-08-28 03:00 . 2006-05-05 04:41 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-08-28 02:55 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-28 02:55 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-28 02:55 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-28 02:55 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-28 02:55 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-28 02:54 . 2008-08-28 02:54 <DIR> d---s---- C:\Documents and Settings\HP_Administrator\UserData
2008-08-28 02:53 . 2008-08-28 02:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MxBoost
2008-08-28 02:24 . 2008-08-28 02:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
2008-08-28 02:17 . 2008-08-28 02:17 1,896 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_ER890AA-ABA a1410n_YC_0Pavi_QCN7607_E62NAemMPA1_48_INAGAMI_SASUSTek Computer INC._V1.01_B3.01_T060209_WXP2_L409_M959_J204_7AMD_8Athlon 64_92.4_#060526_N11861300_Z11C10620_G10DE0241.MRK
2008-08-28 02:16 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-08-28 02:16 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-08-28 02:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-28 02:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-28 02:14 .
2006-02-10 23:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS 2008-08-28 02:14 . 2008-08-19 21:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com 2008-08-28 02:14 . 2008-08-28 02:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MailFrontier 2008-08-28 02:14 . 2006-02-10 23:33 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit 2008-08-28 02:14 . 2008-08-28 02:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator 2008-08-28 02:13 . 2006-02-10 23:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS 2008-08-28 02:13 . 2006-02-10 23:56 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec 2008-08-28 02:13 . 2008-08-19 21:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SUPERAntiSpyware.com 2008-08-28 02:13 . 2007-04-17 01:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MailFrontier 2008-08-28 02:13 . 2006-02-10 23:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit 2008-08-28 00:48 . 2008-08-28 00:51 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-28 00:35 . 2007-06-13 05:23 1,033,216 --a------ C:\WINDOWS\SET14C0.tmp 2008-08-28 00:33 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe 2008-08-28 00:24 . 2008-04-13 19:12 1,033,728 --a------ C:\WINDOWS\SET586.tmp 2008-08-28 00:24 . 2006-12-28 14:01 19,569 --a------ C:\WINDOWS\003429_.tmp 2008-08-27 21:07 . 2008-08-27 21:07 <DIR> d-------- C:\rsit 2008-08-27 07:51 . 2008-08-27 07:51 29,764 --a------ C:\WINDOWS\lwow.exe 2008-08-27 03:19 . 2008-08-27 03:19 <DIR> d-------- C:\Program Files\TC Digital 2008-08-27 00:59 . 2008-08-27 01:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ 2008-08-27 00:52 . 
2008-08-27 00:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\5000 Series 2008-08-23 19:33 . 2008-08-23 19:33 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\Megaupload 2008-08-23 18:48 . 2008-08-23 18:48 17,920 --a------ C:\WINDOWS\alexa.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-31 23:02 --------- d-----w C:\Program Files\vghd 2008-08-31 05:42 --------- d-----w C:\Program Files\XoftSpySE 2008-08-29 02:02 --------- d-----w C:\Program Files\Opera 2008-08-29 01:56 --------- d-----w C:\Program Files\Quicken 2008-08-28 21:53 --------- d-----w C:\Program Files\ICQ6 2008-08-28 14:57 --------- d-----w C:\Program Files\Google 2008-08-28 08:21 --------- d-----w C:\Program Files\Java 2008-08-28 08:09 --------- d-----w C:\Program Files\Symantec 2008-08-28 08:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-08-28 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-08-28 07:47 --------- d-----w C:\Program Files\Common Files\Real 2008-08-28 07:31 --------- d-----w C:\Program Files\GemMaster 2008-08-28 07:21 --------- d-----w C:\Program Files\Common Files\LogiShrd 2008-08-20 01:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-12 17:20 --------- d-s---w C:\Program Files\Xfire 2008-08-12 06:20 --------- d-----w C:\Program Files\Steam 2008-08-12 04:44 --------- d-----w C:\Program Files\FrostWire 2008-08-08 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies 2008-08-06 04:14 --------- d-----w C:\Program Files\WildGames 2008-08-06 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent 2008-08-02 02:38 --------- d-----w C:\Program Files\zMUD 2008-07-22 19:19 --------- d-----w C:\Program Files\Cheat Engine 2008-07-14 10:23 --------- d-----w C:\Program Files\FileZilla FTP 
Client 2008-07-14 03:54 --------- d-----w C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\AdobeUM 2008-07-01 10:18 --------- d-----w C:\Program Files\Maxthon2 2008-06-29 07:24 --------- d-----w C:\Program Files\WoS 2008-06-29 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Synthetic Reality 2008-06-12 03:24 26,759 --sh--w C:\gf2.sys 2008-05-31 03:00 26,684 --sh--w C:\gf1.sys 2008-03-31 11:26 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2006-11-21 23:25 831,488 ----a-w C:\Documents and Settings\Chris\soul.exe 2006-11-13 21:46 266,240 ----a-w C:\Documents and Settings\Chris\GameData.dll 2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll 2007-04-16 15:52 6,144 --sha-w C:\WINDOWS\system32\ghjsw.dll 2007-04-16 15:52 41,240 --sh--w C:\WINDOWS\system32\xsbvgzd.dll 2007-04-16 15:52 6,144 --sha-w C:\WINDOWS\system32\zxdtye.dll 2007-04-17 06:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007040920070416\index.dat 2007-04-17 06:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007041720070418\index.dat . 
------- Sigcheck -------
2005-03-01 19:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 11:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-01 19:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 07:55 2057600 1d659bfb788ed2ba45075624b748d249 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntkrnlpa.exe
2008-04-13 13:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
2005-03-01 20:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 11:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-01 19:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 09:17 2180352 8f0deab1f81fb83f9c5995853ce48b9f C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2008-04-13 14:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-22 17:00 514048]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 07:11 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 20:15 7311360]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-11-11 23:11 1064960]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-11-11 23:10 61440]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 12:01 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 19:29 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 05:23 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 09:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-01-24 20:15 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 12:53 15969280 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-10 22:38:06 27136]

C:\Documents and Settings\Judi.KITCHEN-COMP.000\Start Menu\Programs\Startup\
dfzy.exe [2008-08-23 10:17:19 31580]

C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Start Menu\Programs\Startup\
dfjje.exe [2008-08-17 18:24:05 30376]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
IMVU.lnk.disabled [2006-10-30 01:29:34 654]

C:\Documents and Settings\Chris.KITCHEN-COMP.000\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 09:23:26 282624]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-02-10 23:37:09 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F0930A2F-D971-4828-8209-B7DFD266ED44}"= "C:\WINDOWS\system32\xolehlpjh.dll" [2008-08-31 16:06 1049376]
"{BB4E3499-0132-4d3f-849A-2BE1B26D84E1}"= "C:\WINDOWS\system32\inetresdxc.dll" [2008-08-31 14:11 711456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xolehlpjh.dll"= {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll [2008-08-31 16:06 1049376]
"inetresdxc.dll"= {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll [2008-08-31 14:11 711456]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\lxdmcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\ijji\\ENGLISH\\u_sf.exe"=
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"C:\\Program Files\\Opera\\opera.exe"=

R2 lxdm_device;lxdm_device;C:\WINDOWS\system32\lxdmcoms.exe [2007-06-08 04:05]
R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-08-17 15:05]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-08-17 15:05]
R2 WebCamHelper;WebCamHelper;C:\PROGRA~1\AVWEBC~1\WebCamHelper.sys [2007-07-06 16:58]
S3 iXPT;iXPT;C:\WINDOWS\system32\iXPT.sys [2008-08-30 07:20]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:05]
.
Contents of the 'Scheduled Tasks' folder
2008-08-31 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
HKLM-Explorer_Run-dljj_df - C:\WINDOWS\system\llzjy080832.exe
ShellExecuteHooks-{9CA963CA-107C-4089-B0AB-31380F90D7E3} - 9CA963CA.dll
ShellExecuteHooks-{495271CA-D0C6-4052-ABE6-5B01C73CDFB0} - 495271CA.dll
ShellExecuteHooks-{730B78A6-9B9C-4C44-8645-1873BDCFD3B1} - 730B78A6.dll
Notify-!SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.google.com
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 -: HKLM-Main,Start Page = www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
O8 -: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 -: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 18:48:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2008-08-31 18:55:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-31 23:55:55
Pre-Run: 73,126,461,440 bytes free
Post-Run: 73,513,414,656 bytes free
439 --- E O F --- 2008-08-30 16:37:06

Logfile of random's system information tool (written by random/random)
Run by Chris at 2008-08-31 19:36:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 70 GB (39%) free of 182 GB
Total RAM: 958 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:34 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdmcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Chris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1219910103983
O21 - SSODL: xolehlpjh.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll
O21 - SSODL: inetresdxc.dll - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdm_device - - C:\WINDOWS\system32\lxdmcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8426 bytes

Scheduled tasks folder
C:\WINDOWS\tasks\XoftSpySE 2.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2006-01-24 1519616]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-01-23 15969280]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2005-11-11 1064960]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe [2005-11-11 61440]
"DMAScheduler"=c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe [2005-11-01 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-09 15360]
"SkinClock"=C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [2008-05-22 514048]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Documents and Settings\Chris.KITCHEN-COMP.000\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
xolehlpjh.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll [2008-08-31 1049376]
inetresdxc.dll - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll [2008-08-31 711456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F0930A2F-D971-4828-8209-B7DFD266ED44}"=C:\WINDOWS\system32\xolehlpjh.dll [2008-08-31 1049376]
"{BB4E3499-0132-4d3f-849A-2BE1B26D84E1}"=C:\WINDOWS\system32\inetresdxc.dll [2008-08-31 711456]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\WINDOWS\system32\lxdmcoms.exe"="C:\WINDOWS\system32\lxdmcoms.exe:*:Enabled:5000 Series Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe:*:Enabled:Job Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\ijji\ENGLISH\u_sf.exe"="C:\ijji\ENGLISH\u_sf.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

List of files/folders created in the last three months

2008-08-31 18:55:59 ----A---- C:\ComboFix.txt
2008-08-31 18:43:45 ----D---- C:\WINDOWS\temp
2008-08-31 18:38:47 ----D---- C:\QooBox
2008-08-31 16 33 ----A---- C:\WINDOWS\system32\iyrhmksl.dll
2008-08-31 16 33 ----A---- C:\WINDOWS\system32\conimen.exe
2008-08-31 16 31 ----A---- C:\WINDOWS\system32\ixplrer.exe
2008-08-31 16:05:33 ----A---- C:\WINDOWS\system32\tmpjj32df1.exe
2008-08-31 14:11:05 ----A---- C:\WINDOWS\system32\inetresdxc.dll
2008-08-31 14:04:51 ----A---- C:\WINDOWS\system32\cmbdafk.exe
2008-08-31 14:04:51 ----A---- C:\WINDOWS\system32\cmbdaf.dll
2008-08-31 14:04:11 ----A---- C:\WINDOWS\system32\tmplljydf2.exe
2008-08-31 01:57:23 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\vlc
2008-08-31 01:15:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 00:56:41 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Malwarebytes
2008-08-31 00:56:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 00:36:52 ----A---- C:\WINDOWS\system32\PYTHONCOM22.DLL
2008-08-31 00:22:31 ----D---- C:\Program Files\DAEMON Tools Lite
2008-08-30 11:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2008-08-30 07:20:42 ----A---- C:\WINDOWS\system32\cxpopsk.exe
2008-08-30 07:19:11 ----A---- C:\WINDOWS\system32\xolehlpjh.dll
2008-08-30 01:53:49 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\DAEMON Tools
2008-08-30 01:37:29 ----D---- C:\Program Files\MagicISO
2008-08-29 23:49:37 ----D---- C:\AV_LOGS
2008-08-29 22:59:52 ----D---- C:\Program Files\AV WebCam Morpher
2008-08-29 22 48 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Hamachi
2008-08-29 22:00:34 ----A---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\AtomicAlarmClock.ini
2008-08-29 22:00:34 ----A---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\alarms.ini
2008-08-29 17:14:35 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Google
2008-08-29 14:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-08-29 11:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-29 11:43:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-29 11:43:00 ----D---- C:\Program Files\MSXML 4.0
2008-08-29 11:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-08-29 11:42:12 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-08-28 20:36:24 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\HPQ
2008-08-28 10:11:30 ----A---- C:\WINDOWS\system32\muweb.dll
2008-08-28 10:11:30 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-08-28 10:11:30 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-08-28 05:10:39 ----D---- C:\WINDOWS\Prefetch
2008-08-28 04:01:26 ----HD---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\ijjigame
2008-08-28 04:01:17 ----A---- C:\WINDOWS\system32\ijjiSetup.exe
2008-08-28 04:01:17 ----A---- C:\WINDOWS\system32\ijjiPlugin2.dll
2008-08-28 03:56:30 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\MxBoost
2008-08-28 03:50:52 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Adobe
2008-08-28 03:45:13 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Macromedia
2008-08-28 03:26:05 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-08-28 03:21:43 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-28 03:21:43 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-28 03:21:43 ----A---- C:\WINDOWS\system32\java.exe
2008-08-28 03:18:46 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Ventrilo
2008-08-28 03:09:18 ----ASH---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\desktop.ini
2008-08-28 03:09:15 ----SD---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Microsoft
2008-08-28 03:09:15 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\MailFrontier
2008-08-28 03:09:15 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Intuit
2008-08-28 03:09:15 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Identities
2008-08-28 03:09:14 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\SUPERAntiSpyware.com
2008-08-28 03:09:14 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Real
2008-08-28 03:09:14 ----D---- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Opera
2008-08-28 03 48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-08-28 03:04:15 ----D---- C:\Program Files\Windows Live
2008-08-28 02:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-08-28 02:58:30 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-28 02:57:37 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-08-28 02:55:47 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-28 02:55:47 ----A---- C:\WINDOWS\system32\wups2.dll
2008-08-28 02:55:47 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-08-28 02:55:46 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-28 02:55:46 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-08-28 02:34:18 ----D---- C:\WINDOWS\system32\appmgmt
2008-08-28 02:20:26 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-08-28 02:20:25 ----RSHD---- C:\cmdcons
2008-08-28 02:20:09 ----D---- C:\WINDOWS\setupupd
2008-08-28 02:16:48 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2008-08-28 00:48:31 ----D---- C:\WINDOWS\l2schemas
2008-08-28 00:35:10 ----A---- C:\WINDOWS\SET14C0.tmp
2008-08-28 00:33:23 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-28 00:33:01 ----DC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-28 00:24:23 ----A---- C:\WINDOWS\SET586.tmp
2008-08-28 00:24:23 ----A---- C:\WINDOWS\003429_.tmp
2008-08-27 21:07:46 ----D---- C:\rsit
2008-08-27 07:51:13 ----A---- C:\WINDOWS\lwow.exe
2008-08-27 03:19:57 ----D---- C:\Program Files\TC Digital
2008-08-23 18:48:07 ----A---- C:\WINDOWS\alexa.exe
2008-08-23 10:24:56 ----A---- C:\WINDOWS\funshionplugin2.INI
2008-08-23 00:03:28 ----D---- C:\Program Files\Registrar Registry Manager
2008-08-22 23:56:03 ----A---- C:\VundoFix.txt
2008-08-22 20:33:52 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-22 13:24:19 ----A---- C:\WINDOWS\zzz.exe
2008-08-20 22:33:50 ----A---- C:\WINDOWS\WPE PRO.INI
2008-08-20 07:45:56 ----A---- C:\WINDOWS\zip.exe
2008-08-20 07:45:56 ----A---- C:\WINDOWS\VFind.exe
2008-08-20 07:45:56 ----A---- C:\WINDOWS\swxcacls.exe
2008-08-20 07:45:56 ----A---- C:\WINDOWS\swsc.exe
2008-08-20 07:45:56 ----A---- C:\WINDOWS\swreg.exe
2008-08-20 07:45:56 ----A---- C:\WINDOWS\sed.exe
2008-08-20 07:45:56 ----A---- C:\WINDOWS\Nircmd.exe
2008-08-20 07:45:56 ----A---- C:\WINDOWS\grep.exe
2008-08-20 07:45:56 ----A---- C:\WINDOWS\fdsv.exe
2008-08-20 07:13:32 ----A---- C:\WINDOWS\td.exe
2008-08-19 20:31:29 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-19 20:31:25 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-19 19:45:18 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-18 21:35:04 ----D---- C:\Program Files\Panda Security
2008-08-18 20:19:17 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-08-18 20:14:49 ----D---- C:\Program Files\Trend Micro
2008-08-16 15:37:53 ----A---- C:\WINDOWS\wow.exe
2008-08-13 23:04:08 ----D---- C:\Program Files\Maxtor
2008-08-12 13:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-12 13:36:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-12 13:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-12 13:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-12 13:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-12 13:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-12 13:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-12 13:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-08 01:47:35 ----D---- C:\Program Files\MSECACHE
2008-07-27 00:58:38 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-26 21:23:33 ----D---- C:\Program Files\SnailWeb
2008-07-26 21 02 ----D---- C:\Program Files\HighStreet 5
2008-07-21 08:39:23 ----D---- C:\Program Files\DNA
2008-07-21 08:17:20 ----D---- C:\Program Files\NVIDIA Corporation
2008-07-18 05:57:54 ----D---- C:\Program Files\Final Fantasy VII
2008-07-14 06:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-07-12 09:52:35 ----A---- C:\WINDOWS\system32\lxdmvs.dll
2008-07-12 09:52:34 ----A---- C:\WINDOWS\system32\lxdmusb1.dll
2008-07-12 09:52:34 ----A---- C:\WINDOWS\system32\lxdmserv.dll
2008-07-12 09:52:34 ----A---- C:\WINDOWS\system32\lxdmprox.dll
2008-07-12 09:52:34 ----A---- C:\WINDOWS\system32\lxdmpmui.dll
2008-07-12 09:52:33 ----A---- C:\WINDOWS\system32\lxdminpa.dll
2008-07-12 09:52:33 ----A---- C:\WINDOWS\system32\lxdmih.exe
2008-07-12 09:52:33 ----A---- C:\WINDOWS\system32\lxdmiesc.dll
2008-07-12 09:52:33 ----A---- C:\WINDOWS\system32\lxdmhbn3.dll
2008-07-12 09:52:33 ----A---- C:\WINDOWS\system32\lxdmgrd.dll
2008-07-12 09:52:32 ----A---- C:\WINDOWS\system32\lxdmcoms.exe
2008-07-12 09:52:32 ----A---- C:\WINDOWS\system32\lxdmcomm.dll
2008-07-12 09:52:32 ----A---- C:\WINDOWS\system32\lxdmcomc.dll
2008-07-12 09:52:31 ----A---- C:\WINDOWS\system32\lxdmlmpm.dll
2008-07-12 09:52:31 ----A---- C:\WINDOWS\system32\lxdmcoin.dll
2008-07-12 09:52:31 ----A---- C:\WINDOWS\system32\lxdmcfg.exe
2008-07-12 09:52:30 ----A---- C:\WINDOWS\system32\lxdmutil.dll
2008-07-12 09:52:26 ----A---- C:\WINDOWS\system32\lxdmjswr.dll
2008-07-12 09:52:26 ----A---- C:\WINDOWS\system32\lxdminsr.dll
2008-07-12 09:52:26 ----A---- C:\WINDOWS\system32\lxdminsb.dll
2008-07-12 09:52:26 ----A---- C:\WINDOWS\system32\lxdmins.dll
2008-07-12 09:52:25 ----A---- C:\WINDOWS\system32\lxdmgf.dll
2008-07-12 09:52:23 ----A---- C:\WINDOWS\system32\lxdmcur.dll
2008-07-12 09:52:23 ----A---- C:\WINDOWS\system32\lxdmcub.dll
2008-07-12 09:52:23 ----A---- C:\WINDOWS\system32\lxdmcu.dll
2008-07-12 09:51:51 ----A---- C:\WINDOWS\system32\lxdmdrs.dll
2008-07-12 09:51:51 ----A---- C:\WINDOWS\system32\lxdmcnv4.dll
2008-07-12 09:51:51 ----A---- C:\WINDOWS\system32\lxdmcfg.dll
2008-07-12 09:51:51 ----A---- C:\WINDOWS\system32\lxdmcaps.dll
2008-07-12 09:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\5000 Series
2008-07-12 09:49:33 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-12 09:47:53 ----D---- C:\Program Files\Lexmark 5000 Series
2008-07-09 09:19:33 ----D---- C:\Program Files\Hamachi
2008-07-08 08:32:29 ----D---- C:\Program Files\GameTap
2008-07-01 05:16:41 ----D---- C:\MxDownload
2008-06-25 10:48:03 ----A---- C:\WINDOWS\RebirthRO FULL CLIENT Uninstall Log.txt
2008-06-24 04:36:53 ----D---- C:\Program Files\softnyx
2008-06-23 05:52:25 ----D---- C:\WINDOWS\RebirthRO FULL CLIENT
2008-06-23 05:52:14 ----A---- C:\WINDOWS\RebirthRO FULL CLIENT Setup Log.txt
2008-06-20 20:17:09 ----D---- C:\Program Files\SocksCapV2
2008-06-20 20:16:58 ----A---- C:\WINDOWS\uninst.exe
2008-06-19 03:13:33 ----D---- C:\Program Files\Freestyle Crew Gunz
2008-06-17 05:28:50 ----D---- C:\Program Files\Sierra Online
2008-06-11 03:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-11 03:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-11 03:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-11 03:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-11 03:19:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-11 03:15:40 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2008-06-10 23:43:09 ----A---- C:\WINDOWS\GunzLauncher.INI
2008-06-10 23:31:31 ----D---- C:\Program Files\GunZ

List of drivers

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R2 MBAMDrvService;MBAMDrvService; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R2 WebCamHelper;WebCamHelper; \??\C:\PROGRA~1\AVWEBC~1\WebCamHelper.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-10-20 1095009]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-23 4145152]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-07-18 41752]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-07-18 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-09 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-09 26496]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 aeknmf19;aeknmf19; C:\WINDOWS\system32\drivers\aeknmf19.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 iXPT;iXPT; \??\C:\WINDOWS\system32\iXPT.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-09 20480]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-19 73728]
R2 lxdm_device;lxdm_device; C:\WINDOWS\system32\lxdmcoms.exe [2007-06-08 598960]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-08-17 110200]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-09 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-28 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 2008-08-31 19:36:35

Uninstall list

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AV WebCam Morpher 2.0-->C:\PROGRA~1\AVWEBC~1\UNWISE.EXE C:\PROGRA~1\AVWEBC~1\INSTALL.LOG
AV WebCam Morpher-->C:\PROGRA~1\AVWEBC~1\UNWISE.EXE C:\PROGRA~1\AVWEBC~1\INSTALL.LOG
DISCover-->"C:\Program Files\DISC\uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software-->C:\HP\KBD\Install.exe /remove
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E073D315-3C54-44BF-A1B2-B5583AEA618C}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}\setup.exe" -l0x9
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Opera 9.52-->MsiExec.exe /X{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Remove IntelliMover Demo-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP
(KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Soldier Front-->"C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe" -runfromtemp -l0x0009 -removeonly Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP 
(KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe" Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Windows XP Hotfix - 
KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe" Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe" Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22 "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\ -----------------EOF-------------- I'll post the Malwarebyte's AntiMalware log and AVZ4's log as soon as Malwarebyte's finishes scanning. Last edited by TheBruce1; 09-01-2008 at 05:42 AM. |
#8 (permalink)
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,143
OS: XP
Re: Unfixable Issue
Quote:
Also do not put the logs into code boxes.

========

Your logs suggest the possibility that your computer was attacked by a backdoor trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

WildTangent Web Driver (Optional) <----- WildTangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:
* Operating System Version
* CPU Type and Speed
* Memory Amount
* Video Card type and Driver Version
* Sound Card type and Driver Version
* DirectX Version
* Location that the Web Driver was installed from

=========

Download ATF-Cleaner by Atribune to your desktop. Do not run it just yet; we will shortly.

==========

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Referring to the picture above, drag CFscript into ComboFix.exe.
Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Warning: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s).

==========

Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

==========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.
Click Accept when prompted to download and install the program files and database of malware definitions.

This animation will guide you through the process:

To optimize scanning time and produce a more sensible report for review:

==========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========

Logs Required
C:\Combofix.txt
Kaspersky Scan Report
Hijackthis Log

Why have you no virus protection installed?
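The moderator asks for C:\ComboFix.txt. Two sections of that log carry most of the signal: "Other Deletions" (the files the script removed) and "Sigcheck", which lists an MD5 for every copy of ntoskrnl.exe and ntkrnlpa.exe on the box, so a kernel patched by a file infector shows up as a system32 copy whose hash matches none of the pristine copies Windows itself keeps in Driver Cache, dllcache or the SoftwareDistribution download folder. The script below is an added example written for this thread, not part of ComboFix or of the moderator's CFscript: it parses both sections and applies a few dropper-naming heuristics that are my own. The sample lines are copied from the ComboFix log posted in the next reply; `ntpath` is the standard-library Windows path module, so it runs on any host.

```python
"""Triage helpers for two sections of a ComboFix log: the "Sigcheck" table
(MD5 of every copy of a core binary) and the "Other Deletions" file list.
Added example for this thread; not ComboFix code and not the moderator's script."""
import ntpath  # Windows path handling that works on any host OS
import re
from collections import defaultdict

# Constructed sample: a subset of the Sigcheck lines from the ComboFix log
# posted in this thread. Format: "<date> <time> <size> <md5> <path>".
SIGCHECK_SAMPLE = r"""
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
"""

# Constructed sample: a subset of the "Other Deletions" list from the same log.
DELETIONS_SAMPLE = r"""
C:\Documents and Settings\All Users\lljydf16.ini
C:\WINDOWS\2.exe
C:\WINDOWS\system32\495271CA.cfg
C:\WINDOWS\system32\495271CA.dll
C:\WINDOWS\system32\Fserys.sys
C:\WINDOWS\system32\iyrhmksl.dll
C:\WINDOWS\system32\iyrhmksl.nls
C:\WINDOWS\zzz.exe
D:\auto.exe
D:\Autorun.inf
E:\auto.exe
E:\Autorun.inf
"""

SIGCHECK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")
# Folders where Windows keeps its own pristine copies of system binaries.
CACHE_MARKERS = ("\\driver cache\\", "\\dllcache\\", "\\softwaredistribution\\")


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; lines that do not match are ignored."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            _date, _time, size, md5, path = m.groups()
            rows.append({"size": int(size), "md5": md5, "path": path})
    return rows


def check_live_copies(rows):
    """For each binary, is the live system32 copy identical to a cached copy?
    A kernel patched by a file infector matches none of the caches.
    Copies under $hf_mig$ (the QFE branch) legitimately differ and are ignored."""
    live, cache = {}, defaultdict(set)
    for r in rows:
        name = ntpath.basename(r["path"]).lower()
        low = r["path"].lower()
        if any(marker in low for marker in CACHE_MARKERS):
            cache[name].add(r["md5"])
        elif "\\system32\\" in low:
            live[name] = r["md5"]
    return {name: ("consistent" if md5 in cache[name] else "MISMATCH")
            for name, md5 in live.items()}


def triage_deletions(paths):
    """Map each path to the dropper patterns it matches (heuristics are mine)."""
    exts_by_stem = defaultdict(set)          # (dir, stem) -> extensions seen there
    autorun_roots, exe_roots = set(), set()  # drives with autorun.inf / an exe at the root
    for p in paths:
        d, name = ntpath.split(p)
        stem, ext = ntpath.splitext(name)
        exts_by_stem[(d.lower(), stem.lower())].add(ext.lower())
        drive, rest = ntpath.splitdrive(p)
        if ntpath.dirname(rest) == "\\":
            if name.lower() == "autorun.inf":
                autorun_roots.add(drive.upper())
            elif ext.lower() == ".exe":
                exe_roots.add(drive.upper())
    spreader_roots = autorun_roots & exe_roots
    findings = defaultdict(list)
    for p in paths:
        d, name = ntpath.split(p)
        stem, ext = ntpath.splitext(name)
        drive, rest = ntpath.splitdrive(p)
        if re.fullmatch(r"[0-9A-Fa-f]{8}", stem):
            findings[p].append("hex-named component")
        if ext.lower() == ".dll" and exts_by_stem[(d.lower(), stem.lower())] & {".cfg", ".nls"}:
            findings[p].append("dll with paired .cfg/.nls")
        if ext.lower() == ".sys" and d.lower().endswith("\\system32"):
            findings[p].append("driver outside system32\\drivers")
        if d.lower() == r"c:\windows" and ext.lower() == ".exe" and len(stem) <= 3:
            findings[p].append("short-named exe in WINDOWS root")
        if drive.upper() in spreader_roots and ntpath.dirname(rest) == "\\" and ext.lower() in (".exe", ".inf"):
            findings[p].append("autorun.inf + exe at drive root")
    return dict(findings)


def sample_deletions():
    return [line.strip() for line in DELETIONS_SAMPLE.splitlines() if line.strip()]


if __name__ == "__main__":
    for name, verdict in check_live_copies(parse_sigcheck(SIGCHECK_SAMPLE)).items():
        print(f"{name}: {verdict}")
    for path, reasons in triage_deletions(sample_deletions()).items():
        print(f"{path}: {', '.join(reasons)}")
```

A "consistent" verdict only says the live kernel matches a copy Windows itself cached; an attacker who replaced both would pass, which is one reason the moderator still wants an independent online scan. The naming heuristics are triage cues, not detections: legitimate software does ship .dll/.nls pairs and the hex-named .cfg/.dll pairs here were only damning in combination with the rest of the log, so treat a hit as something to look up, not something to delete.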
#9 (permalink)
Registered User
Join Date: Aug 2008
Posts: 17
OS: Windows XP SP2
Re: Unfixable Issue
No virus protection anymore due to reinstalling windows. I didn't want to install one until told to either. I've only been using Malwarebyte's AntiMalware's Realtime Protection. All 3 requested logs included and all steps followed to the letter.
ComboFix 08-08-30.03 - Chris 2008-09-01 15:46:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.535 [GMT -5:00]
Running from: C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\CFscript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\lljydf16.ini
C:\Documents and Settings\All Users\lljydf32.ini
C:\Documents and Settings\Chris.KITCHEN-COMP.000\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\003429_.tmp
C:\WINDOWS\2.exe
C:\WINDOWS\system\llzjy080832.exe
C:\WINDOWS\system\zjj32dla.dll
C:\WINDOWS\system32\495271CA.cfg
C:\WINDOWS\system32\495271CA.dll
C:\WINDOWS\system32\730B78A6.cfg
C:\WINDOWS\system32\730B78A6.dll
C:\WINDOWS\system32\9CA963CA.cfg
C:\WINDOWS\system32\9CA963CA.dll
C:\WINDOWS\system32\C578B618.dll
C:\WINDOWS\system32\cid_store.dat
C:\WINDOWS\system32\cmbdaf.dll
C:\WINDOWS\system32\cmbdafk.exe
C:\WINDOWS\system32\conimen.exe
C:\WINDOWS\system32\cxpopsk.exe
C:\WINDOWS\system32\discard.ini
C:\WINDOWS\system32\Fserys.sys
C:\WINDOWS\system32\ghjsw.dll
C:\WINDOWS\system32\inetresdxc.dll
C:\WINDOWS\system32\inetresdxc.nls
C:\WINDOWS\system32\ixplrer.exe
C:\WINDOWS\system32\iXPT.sys
C:\WINDOWS\system32\iyrhmksl.dll
C:\WINDOWS\system32\iyrhmksl.nls
C:\WINDOWS\system32\lmtlsb.cfg
C:\WINDOWS\system32\lmwdsb.dll
C:\WINDOWS\system32\rditl.cfg
C:\WINDOWS\system32\rdwddl.cfg
C:\WINDOWS\system32\rdzxl.cfg
C:\WINDOWS\system32\sufost.ini
C:\WINDOWS\system32\tmpjj32df1.exe
C:\WINDOWS\system32\tmplljydf2.exe
C:\WINDOWS\system32\vdtjvyuo.nls
C:\WINDOWS\system32\xolehlpjh.dll
C:\WINDOWS\system32\xolehlpjh.nls
C:\WINDOWS\system32\xsbvgzd.cfg
C:\WINDOWS\system32\xsbvgzd.dll
C:\WINDOWS\system32\zfvmswwu.nls
C:\WINDOWS\system32\zxdtye.dll
C:\WINDOWS\td.exe
C:\WINDOWS\zzz.exe
D:\auto.exe
D:\Autorun.inf
E:\auto.exe
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RESSDT
-------\Service_msiffei
-------\Service_RESSDT

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-09-01 07:59 . 2008-09-01 07:59 765,952 --------- C:\WINDOWS\system32\Ly_Server2008.exe
2008-09-01 07:59 . 2008-09-01 15:53 698,368 -r-hs---- C:\WINDOWS\system32\Ly_Server2008.DLL
2008-09-01 07:59 . 2008-09-01 15:54 61,440 -r-hs---- C:\WINDOWS\system32\Ly_Server2008Key.DLL
2008-09-01 07:59 . 2008-09-01 07:59 24,576 --a------ C:\WINDOWS\system32\aotoppt.dll
2008-09-01 07:59 . 2008-09-01 15:40 19,968 --a------ C:\WINDOWS\system32\kncer10.dll
2008-09-01 07:59 . 2008-09-01 07:59 11,776 --a------ C:\WINDOWS\system32\aotopptk.exe
2008-09-01 07:58 . 2004-08-09 23:00 388,608 --a------ C:\WINDOWS\system32\tmplljydf0.exe
2008-09-01 07:58 . 2004-08-09 23:00 388,608 --a------ C:\WINDOWS\system32\tmpjj32df0.exe
2008-09-01 07:58 . 2008-09-01 07:58 11,956 --a------ C:\WINDOWS\system32\WD.exe
2008-09-01 07:58 . 2008-09-01 15:53 824 ---hs---- C:\WINDOWS\system32\lmwdsb.cfg
2008-09-01 07:58 . 2008-09-01 07:58 232 --ahs---- C:\WINDOWS\system32\C578B618.cfg
2008-08-31 17:06 . 2008-08-31 17:06 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-31 14:04 . 2008-08-31 14:04 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\Malwarebytes
2008-08-31 01:57 . 2008-08-31 01:57 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\vlc
2008-08-31 01:15 . 2008-08-31 11:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 01:15 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-31 01:15 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-31 00:56 . 2008-08-31 00:56 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Malwarebytes
2008-08-31 00:56 . 2008-08-31 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 00:36 . 2004-10-11 11:19 323,584 --a------ C:\WINDOWS\system32\PYTHONCOM22.DLL
2008-08-31 00:22 . 2008-08-31 00:22 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-30 20:06 . 2008-08-30 20:06 <DIR> d---s---- C:\Documents and Settings\Judi.KITCHEN-COMP.000\UserData
2008-08-30 19:42 . 2008-08-30 19:42 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\MxBoost
2008-08-30 19:35 . 2008-08-30 19:35 0 --a------ C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\wklnhst.dat
2008-08-30 07:24 . 2008-08-30 07:24 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\MxBoost
2008-08-30 01:53 . 2008-08-30 01:53 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\DAEMON Tools
2008-08-30 01:53 . 2008-08-30 01:53 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-30 01:37 . 2008-08-30 01:44 <DIR> d-------- C:\Program Files\MagicISO
2008-08-29 23:52 . 2008-08-30 01:35 5,120 --a------ C:\graph.grf
2008-08-29 23:49 . 2008-08-29 23:49 <DIR> d-------- C:\AV_LOGS
2008-08-29 22:59 . 2008-08-30 01:03 <DIR> d-------- C:\Program Files\AV WebCam Morpher
2008-08-29 22:06 . 2008-08-29 22:07 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Hamachi
2008-08-29 11:43 . 2008-08-29 11:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-29 10:58 . 2008-08-29 10:58 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\HPQ
2008-08-28 20:36 . 2008-08-28 20:36 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\HPQ
2008-08-28 16:52 . 2008-08-28 16:52 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\ICQ
2008-08-28 10:11 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-28 10:11 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-28 10:11 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-28 09:49 . 2006-02-10 23:31 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\WINDOWS
2008-08-28 09:49 . 2008-08-19 21:31 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\SUPERAntiSpyware.com
2008-08-28 09:49 . 2007-04-17 01:31 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\MailFrontier
2008-08-28 09:49 . 2006-02-10 23:33 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000\Application Data\Intuit
2008-08-28 09:49 . 2008-08-30 20:06 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP.000
2008-08-28 09:39 . 2006-02-10 23:31 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\WINDOWS
2008-08-28 09:39 . 2008-08-19 21:31 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\SUPERAntiSpyware.com
2008-08-28 09:39 . 2007-04-17 01:31 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\MailFrontier
2008-08-28 09:39 . 2006-02-10 23:33 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Application Data\Intuit
2008-08-28 09:39 . 2008-08-28 20:02 <DIR> d-------- C:\Documents and Settings\Wayne.KITCHEN-COMP.000
2008-08-28 05:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-28 05:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-28 05:08 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-28 05:08 . 2001-08-17 16:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-28 04:01 . 2008-08-28 04:03 <DIR> d--h----- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\ijjigame
2008-08-28 04:01 . 2008-06-17 19:28 710,064 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-08-28 04:01 . 2008-06-11 23:01 58,800 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-08-28 04:01 . 2003-07-19 01:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-08-28 04:01 . 2005-01-02 16:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-08-28 03:56 . 2008-09-01 03:25 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\MxBoost
2008-08-28 03:26 . 2008-09-01 15:40 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-08-28 03:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-28 03:18 . 2008-08-28 05:24 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Ventrilo
2008-08-28 03:09 . 2006-02-10 23:31 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\WINDOWS
2008-08-28 03:09 . 2008-08-19 21:31 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\SUPERAntiSpyware.com
2008-08-28 03:09 . 2007-04-17 01:31 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\MailFrontier
2008-08-28 03:09 . 2006-02-10 23:33 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000\Application Data\Intuit
2008-08-28 03:09 . 2008-08-28 03:15 <DIR> d-------- C:\Documents and Settings\Chris.KITCHEN-COMP.000
2008-08-28 03:06 . 2008-08-28 03:06 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-28 03:06 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-28 03:06 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-28 03:04 . 2008-08-28 03:06 <DIR> d-------- C:\Program Files\Windows Live
2008-08-28 03:01 . 2006-06-01 13:47 163,840 --------- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-08-28 03:01 . 2006-06-01 13:47 27,648 --------- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-08-28 03:00 . 2006-05-05 04:41 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-08-28 02:55 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-28 02:55 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-28 02:55 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-28 02:55 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-28 02:55 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-28 02:54 . 2008-08-28 02:54 <DIR> d---s---- C:\Documents and Settings\HP_Administrator\UserData
2008-08-28 02:53 . 2008-08-28 02:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MxBoost
2008-08-28 02:24 . 2008-08-28 02:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
2008-08-28 02:17 . 2008-08-28 02:17 1,896 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_ER890AA-ABA a1410n_YC_0Pavi_QCN7607_E62NAemMPA1_48_INAGAMI_SASUSTek Computer INC._V1.01_B3.01_T060209_WXP2_L409_M959_J204_7AMD_8Athlon 64_92.4_#060526_N11861300_Z11C10620_G10DE0241.MRK
2008-08-28 02:16 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-08-28 02:16 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-08-28 02:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-28 02:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-28 02:14 . 2006-02-10 23:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-08-28 02:14 . 2008-08-19 21:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-08-28 02:14 . 2008-08-28 02:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MailFrontier
2008-08-28 02:14 . 2006-02-10 23:33 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-08-28 02:14 . 2008-08-28 02:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-08-28 02:13 . 2006-02-10 23:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-08-28 02:13 . 2006-02-10 23:56 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-08-28 02:13 . 2008-08-19 21:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SUPERAntiSpyware.com
2008-08-28 02:13 . 2007-04-17 01:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MailFrontier
2008-08-28 02:13 . 2006-02-10 23:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2008-08-28 00:48 . 2008-08-28 00:51 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-28 00:35 . 2007-06-13 05:23 1,033,216 --a------ C:\WINDOWS\SET14C0.tmp
2008-08-28 00:33 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-28 00:24 . 2008-04-13 19:12 1,033,728 --a------ C:\WINDOWS\SET586.tmp
2008-08-27 21:07 . 2008-08-31 19:36 <DIR> d-------- C:\rsit
2008-08-27 07:51 . 2008-08-27 07:51 29,764 --a------ C:\WINDOWS\lwow.exe
2008-08-27 03:19 . 2008-08-27 03:19 <DIR> d-------- C:\Program Files\TC Digital
2008-08-27 00:59 . 2008-08-27 01:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-08-27 00:52 . 2008-08-27 00:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\5000 Series
2008-08-23 19:33 . 2008-08-23 19:33 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\Megaupload
2008-08-23 18:48 . 2008-08-23 18:48 17,920 --a------ C:\WINDOWS\alexa.exe
2008-08-23 10:24 . 2008-08-27 23:20 28 --a------ C:\WINDOWS\funshionplugin2.INI
2008-08-23 10:17 . 2008-08-23 10:17 490,496 ---hs---- C:\WINDOWS\system\nzhqb32a.dll
2008-08-23 00:03 . 2008-08-27 01:01 <DIR> d-------- C:\Program Files\Registrar Registry Manager
2008-08-22 20:33 . 2008-08-22 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-20 22:33 . 2008-08-28 00:19 324 --a------ C:\WINDOWS\WPE PRO.INI
2008-08-19 21:31 . 2008-08-19 21:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-19 20:31 . 2008-08-31 11:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-19 20:31 . 2008-08-19 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-19 19:45 . 2008-08-19 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-18 21:35 . 2008-08-19 19:59 <DIR> d-------- C:\Program Files\Panda Security
2008-08-18 20:19 . 2008-08-18 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-08-18 20:14 . 2008-08-18 20:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-16 15:54 . 2008-08-16 15:54 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\muvee Technologies
2008-08-16 15:37 . 2008-08-16 15:37 14,531 --a------ C:\WINDOWS\wow.exe
2008-08-13 23:04 . 2008-08-13 23:04 <DIR> d-------- C:\Program Files\Maxtor
2008-08-08 01:47 . 2008-08-19 12:41 <DIR> d-------- C:\Program Files\MSECACHE
2008-08-02 15:16 . 2008-08-02 15:16 <DIR> d-------- C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 23:02 --------- d-----w C:\Program Files\vghd
2008-08-31 05:42 --------- d-----w C:\Program Files\XoftSpySE
2008-08-29 02:02 --------- d-----w C:\Program Files\Opera
2008-08-29 01:56 --------- d-----w C:\Program Files\Quicken
2008-08-28 21:53 --------- d-----w C:\Program Files\ICQ6
2008-08-28 14:57 --------- d-----w C:\Program Files\Google
2008-08-28 08:21 --------- d-----w C:\Program Files\Java
2008-08-28 08:09 --------- d-----w C:\Program Files\Symantec
2008-08-28 08:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-28 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-28 07:47 --------- d-----w C:\Program Files\Common Files\Real
2008-08-28 07:31 --------- d-----w C:\Program Files\GemMaster
2008-08-28 07:21 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-08-20 01:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-12 17:20 --------- d-s---w C:\Program Files\Xfire
2008-08-12 06:20 --------- d-----w C:\Program Files\Steam
2008-08-12 04:44 --------- d-----w C:\Program Files\FrostWire
2008-08-08 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-08-06 04:14 --------- d-----w C:\Program Files\WildGames
2008-08-06 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-08-02 22:51 --------- d-----w C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\5000 Series
2008-08-02 22:50 --------- d-----w C:\Program Files\Lexmark 5000 Series
2008-08-02 02:38 --------- d-----w C:\Program Files\zMUD
2008-07-31 01:57 --------- d-----w C:\Program Files\HighStreet 5
2008-07-27 05:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-27 02:23 --------- d-----w C:\Program Files\SnailWeb
2008-07-22 19:19 --------- d-----w C:\Program Files\Cheat Engine
2008-07-21 13:39 --------- d-----w C:\Program Files\DNA
2008-07-21 13:17 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-07-18 11:25 --------- d-----w C:\Program Files\Final Fantasy VII
2008-07-14 10:23 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-07-14 03:54 --------- d-----w C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\AdobeUM
2008-07-14 01:37 --------- d-----w C:\Documents and Settings\Judi.KITCHEN-COMP\Application Data\Lexmark Productivity Studio
2008-07-12 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\5000 Series
2008-07-12 14:49 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-09 14:19 --------- d-----w C:\Program Files\Hamachi
2008-07-08 13:32 --------- d-----w C:\Program Files\GameTap
2008-07-01 10:18 --------- d-----w C:\Program Files\Maxthon2
2008-06-12 03:24 26,759 --sh--w C:\gf2.sys
2008-03-31 11:26 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-11-21 23:25 831,488 ----a-w C:\Documents and Settings\Chris\soul.exe
2006-11-13 21:46 266,240 ----a-w C:\Documents and Settings\Chris\GameData.dll
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2004-08-10 11:00 22,634 --sh--w C:\WINDOWS\system32\kncer10.exe
2007-04-17 06:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007040920070416\index.dat
2007-04-17 06:25 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007041720070418\index.dat
.
------- Sigcheck -------
2005-03-01 19:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 11:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-01 19:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 07:55 2057600 1d659bfb788ed2ba45075624b748d249 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntkrnlpa.exe
2008-04-13 13:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
2005-03-01 20:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 11:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-01 19:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 09:17 2180352 8f0deab1f81fb83f9c5995853ce48b9f C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2008-04-13 14:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-31_18.55.35.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-01 20:54:26 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_58c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-22 17:00 514048]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 07:11 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 20:15 7311360]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-11-11 23:11 1064960]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-11-11 23:10 61440]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 12:01 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 19:29 249856]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 05:23 
663552] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 09:12 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "LUOMWD"="C:\WINDOWS\system32\WD.exe" [2008-09-01 07:58 11956] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe] "nwiz"="nwiz.exe" [2006-01-24 20:15 1519616 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-01-23 12:53 15969280 C:\WINDOWS\RTHDCPL.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "dljj_df"="C:\WINDOWS\system\llzjy080832.exe" [BU] C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-10 22:38:06 27136] C:\Documents and Settings\Judi.KITCHEN-COMP.000\Start Menu\Programs\Startup\ dfzy.exe [2008-08-23 10:17:19 31580] C:\Documents and Settings\Wayne.KITCHEN-COMP.000\Start Menu\Programs\Startup\ dfjje.exe [2008-08-17 18:24:05 30376] C:\Documents and Settings\Chris\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] IMVU.lnk.disabled [2006-10-30 01:29:34 654] C:\Documents and Settings\Chris.KITCHEN-COMP.000\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 09:23:26 282624] Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-02-10 23:37:09 36903] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{9CA963CA-107C-4089-B0AB-31380F90D7E3}"= "9CA963CA.dll" [BU] "{730B78A6-9B9C-4C44-8645-1873BDCFD3B1}"= "730B78A6.dll" [BU] "{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}"= "495271CA.dll" [BU] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=aotoppt.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\DISC\\DISCover.exe"= "C:\\Program Files\\DISC\\DiscStreamHub.exe"= "C:\\Program Files\\DISC\\myFTP.exe"= "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "C:\\WINDOWS\\system32\\lxdmcoms.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"= "C:\\Program 
Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\ijji\\ENGLISH\\u_sf.exe"= "C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"= "C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"= "C:\\Program Files\\Opera\\opera.exe"= R2 lxdm_device;lxdm_device;C:\WINDOWS\system32\lxdmcoms.exe [2007-06-08 04:05] R2 WebCamHelper;WebCamHelper;C:\PROGRA~1\AVWEBC~1\WebCamHelper.sys [2007-07-06 16:58] S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-08-17 15:05] S2 WindowsEntMianFeiV08;Ent58ComBackFx;C:\WINDOWS\System32\Ly_Server2008.exe [2008-09-01 07:59] S3 iXPT;iXPT;C:\WINDOWS\system32\iXPT.sys [] . Contents of the 'Scheduled Tasks' folder 2008-09-01 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43] . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{C578B618-FAF7-4D46-BD55-50655B94FEF7} - C578B618.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 15:54:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LUOMWD = C:\WINDOWS\system32\WD.exe???????? ?@???@???@??? ??? ???0????????????????%?|?????#?|???|???|???????????????????|?????/???????/??????@???????<???@???????2??|7????????????0??????`???????2??|????????????????8????2?||??????|8??|????2??|???|???|?0@?#???`#??????l?? scanning hidden files ... C:\WINDOWS\system32\Ly_Server2008.DLL 698368 bytes executable C:\WINDOWS\system32\Ly_Server2008.exe 765952 bytes executable C:\WINDOWS\system32\Ly_Server2008Key.DLL 61440 bytes executable scan completed successfully hidden files: 3 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\arservice.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\DISC\DiscStreamHub.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\rundll32.exe C:\hp\KBD\kbd.exe C:\WINDOWS\system\hpsysdrv.exe . ************************************************************************** . Completion time: 2008-09-01 15:59:59 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-01 20:59:57 ComboFix2.txt 2008-08-31 23:55:59 Pre-Run: 73,112,154,112 bytes free Post-Run: 73,121,538,048 bytes free 403 --- E O F --- 2008-08-30 16:37:06 ========= KASPERSKY ONLINE SCANNER 7 REPORT Monday, September 1, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, September 01, 2008 20:59:26 Records in database: 1175122 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ Scan statistics Files scanned 273362 Threat name 57 Infected objects 164 Suspicious objects 0 Duration of the scan 05:19:05 File name Threat name Threats count arservice.exe\Ly_Server2008Key.DLL/arservice.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 C:\WINDOWS\System32\Ly_Server2008Key.DLL/C:\WINDOWS\System32\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.cdc 22 ehtray.exe\Ly_Server2008Key.DLL/ehtray.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 arpwrmsg.exe\Ly_Server2008Key.DLL/arpwrmsg.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 RTHDCPL.EXE\Ly_Server2008Key.DLL/RTHDCPL.EXE\Ly_Server2008Key.DLL 
Infected: Backdoor.Win32.Hupigon.bbj 1 DISCover.exe\Ly_Server2008Key.DLL/DISCover.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 DISCUpdateMgr.exe\Ly_Server2008Key.DLL/DISCUpdateMgr.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 DMAScheduler.exe\Ly_Server2008Key.DLL/DMAScheduler.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 hpwuSchd2.exe\Ly_Server2008Key.DLL/hpwuSchd2.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 ctfmon.exe\Ly_Server2008Key.DLL/ctfmon.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 hpqtra08.exe\Ly_Server2008Key.DLL/hpqtra08.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 MDM.EXE\Ly_Server2008Key.DLL/MDM.EXE\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 Updates from HP.exe\Ly_Server2008Key.DLL/Updates from HP.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 nvsvc32.exe\Ly_Server2008Key.DLL/nvsvc32.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 IEXPLORE.EXE\Ly_Server2008.DLL/IEXPLORE.EXE\Ly_Server2008.DLL Infected: Packed.Win32.NSAnti.b 1 C:\WINDOWS\System32\Ly_Server2008.DLL/C:\WINDOWS\System32\Ly_Server2008.DLL Infected: Packed.Win32.NSAnti.b 1 IEXPLORE.EXE\Ly_Server2008Key.DLL/IEXPLORE.EXE\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 2 ehmsas.exe\Ly_Server2008Key.DLL/ehmsas.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 DiscStreamHub.exe\Ly_Server2008Key.DLL/DiscStreamHub.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 wuauclt.exe\Ly_Server2008Key.DLL/wuauclt.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 kbd.exe\Ly_Server2008Key.DLL/kbd.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 hpsysdrv.exe\Ly_Server2008Key.DLL/hpsysdrv.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 explorer.exe\Ly_Server2008Key.DLL/explorer.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 
opera.exe\Ly_Server2008Key.DLL/opera.exe\Ly_Server2008Key.DLL Infected: Backdoor.Win32.Hupigon.bbj 1 C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\zjdxb4xa.default\Cache\72ABEFE6d01 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00006.dta Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00007.dta Infected: Trojan-GameThief.Win32.OnLineGames.syni 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00009.dta Infected: Trojan-GameThief.Win32.OnLineGames.sknp 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00010.dta Infected: Trojan-GameThief.Win32.OnLineGames.tarf 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00011.dta Infected: Trojan-GameThief.Win32.OnLineGames.symd 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00012.dta Infected: Trojan-GameThief.Win32.OnLineGames.tart 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00013.dta Infected: Trojan-GameThief.Win32.OnLineGames.taqz 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00015.dta Infected: Trojan-GameThief.Win32.OnLineGames.szbq 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00016.dta Infected: Trojan-GameThief.Win32.OnLineGames.symd 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00017.dta Infected: Trojan-GameThief.Win32.OnLineGames.tank 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00021.dta Infected: Trojan-GameThief.Win32.OnLineGames.sfhk 1 C:\Documents and 
Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00022.dta Infected: Trojan-GameThief.Win32.OnLineGames.szsd 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00026.dta Infected: Trojan-GameThief.Win32.WOW.bvt 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00031.dta Infected: Worm.Win32.AutoRun.dyn 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00032.dta Infected: Trojan.Win32.KillAV.alr 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00033.dta Infected: Worm.Win32.AutoRun.dyn 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00034.dta Infected: Trojan.Win32.KillAV.alr 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00035.dta Infected: Worm.Win32.AutoRun.dyn 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\avz4\Quarantine\2008-08-31\avz00036.dta Infected: Trojan.Win32.KillAV.alr 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\WPE PRO.exe Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\wpepro09x.zip Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\wpepro09x.zip Infected: HackTool.Win32.Sniffer.WpePro.w 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\Desktop\WpeSpy.dll Infected: HackTool.Win32.Sniffer.WpePro.w 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\download\monstermac666\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\download\monstermac666\tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\Game ****\Trainers\DragonFableUltimateHack\SWFs and Apps\Filters and WPEs\EPE 
PRO.exe Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\Game ****\Trainers\DragonFableUltimateHack\SWFs and Apps\Filters and WPEs\EpeSpy.dll Infected: HackTool.Win32.Sniffer.WpePro.w 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\Game ****\Trainers\DragonFableUltimateHack\SWFs and Apps\Filters and WPEs\WPE PRO.exe Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\Game ****\Trainers\DragonFableUltimateHack\SWFs and Apps\Filters and WPEs\WpeSpy.dll Infected: HackTool.Win32.Sniffer.WpePro.w 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\Game ****\Trainers\DragonFableUltimateHack\SWFs and Apps\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\Gamez\HL2Hook v13.0.3.2\miranda32.exe Infected: Backdoor.Win32.SdBot.dzb 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\Gamez\HL2Hook v13.0.3.2.rar Infected: Backdoor.Win32.SdBot.dzb 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\My Pictures\CounterStrike\sd_p6alpha_full_setup.exe Infected: Trojan-PSW.Win32.Steam.dj 1 C:\Documents and Settings\Chris.KITCHEN-COMP.000\My Documents\YahooTools\YahExtreme\YahWorld Xtreme v.2.exe Infected: HackTool.Win32.VB.py 1 C:\Documents and Settings\Judi.KITCHEN-COMP.000\Desktop\MyFunCardsSetup2.2.60.11(2).exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc 1 C:\Documents and Settings\Judi.KITCHEN-COMP.000\Start Menu\Programs\Startup\dfzy.exe Infected: Worm.Win32.AutoRun.ltg 1 C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 
1 C:\Program Files\SpyNoMore\RollBack\EPE PRO.zip Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\Program Files\SpyNoMore\RollBack\EPE PRO0.zip Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\Program Files\SpyNoMore\RollBack\EpeSpy.zip Infected: HackTool.Win32.Sniffer.WpePro.w 1 C:\Program Files\SpyNoMore\RollBack\EpeSpy0.zip Infected: HackTool.Win32.Sniffer.WpePro.w 1 C:\Program Files\SpyNoMore\RollBack\WPE PRO.zip Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\Program Files\SpyNoMore\RollBack\WPE PRO0.zip Infected: HackTool.Win32.Sniffer.WpePro.u 1 C:\Program Files\SpyNoMore\RollBack\WpeSpy.zip Infected: HackTool.Win32.Sniffer.WpePro.w 1 C:\Program Files\SpyNoMore\RollBack\WpeSpy0.zip Infected: HackTool.Win32.Sniffer.WpePro.w 1 C:\QooBox\Quarantine\C\auto.exe.vir Infected: Trojan.Win32.KillAV.alr 1 C:\QooBox\Quarantine\C\AutoRun.inf.vir Infected: Worm.Win32.AutoRun.dyn 1 C:\QooBox\Quarantine\C\DOCUME~1\CHRISK~1.000\LOCALS~1\Temp\WowInitcode.dll.vir Infected: Trojan-GameThief.Win32.Magania.ablu 1 C:\QooBox\Quarantine\C\WINDOWS\2.exe.vir Infected: Trojan-GameThief.Win32.Magania.ablu 1 C:\QooBox\Quarantine\C\WINDOWS\system\llzjy080832.exe.vir Infected: Trojan.Win32.KillAV.alr 1 C:\QooBox\Quarantine\C\WINDOWS\system\zhnqbdf080822b.dll.vir Infected: Trojan-Downloader.Win32.Agent.advf 1 C:\QooBox\Quarantine\C\WINDOWS\system\zyndle080822.exe.vir Infected: Worm.Win32.AutoRun.ltg 1 C:\QooBox\Quarantine\C\WINDOWS\system32\495271CA.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.taqu 1 C:\QooBox\Quarantine\C\WINDOWS\system32\730B78A6.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.taqw 1 C:\QooBox\Quarantine\C\WINDOWS\system32\C578B618.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.tapt 1 C:\QooBox\Quarantine\C\WINDOWS\system32\catower.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.swbg 1 C:\QooBox\Quarantine\C\WINDOWS\system32\certmgrkd.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.tarf 1 C:\QooBox\Quarantine\C\WINDOWS\system32\cxpops.dll.vir 
Infected: Trojan-GameThief.Win32.Magania.aays 1 C:\QooBox\Quarantine\C\WINDOWS\system32\dispexcb.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.szbq 1 C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\HBKernel.sys.vir Infected: Trojan-GameThief.Win32.OnLineGames.syng 1 C:\QooBox\Quarantine\C\WINDOWS\system32\eoceps.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sqqc 1 C:\QooBox\Quarantine\C\WINDOWS\system32\explore.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.suaq 1 C:\QooBox\Quarantine\C\WINDOWS\system32\HBmhly.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.syni 1 C:\QooBox\Quarantine\C\WINDOWS\system32\imgutilhx2.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.symd 1 C:\QooBox\Quarantine\C\WINDOWS\system32\kncer30.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sypi 1 C:\QooBox\Quarantine\C\WINDOWS\system32\knx32.dll.vir Infected: Trojan-Dropper.Win32.Agent.vji 1 C:\QooBox\Quarantine\C\WINDOWS\system32\mduaey.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.swbl 1 C:\QooBox\Quarantine\C\WINDOWS\system32\mduaeyk.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.symc 1 C:\QooBox\Quarantine\C\WINDOWS\system32\rditl.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.arni 1 C:\QooBox\Quarantine\C\WINDOWS\system32\rdtll.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.arni 1 C:\QooBox\Quarantine\C\WINDOWS\system32\rdwddl.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.arni 1 C:\QooBox\Quarantine\C\WINDOWS\system32\rdzxl.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.arni 1 C:\QooBox\Quarantine\C\WINDOWS\system32\scrruncqsj.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sknp 1 C:\QooBox\Quarantine\C\WINDOWS\system32\slbiopfs2.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.symd 1 C:\QooBox\Quarantine\C\WINDOWS\system32\thermaltinc.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sxbi 1 C:\QooBox\Quarantine\C\WINDOWS\system32\tscfgwmijxsj.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.tank 1 
C:\QooBox\Quarantine\C\WINDOWS\system32\wllame.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.swck 1 C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip Infected: Trojan.Win32.Agent.zwa 1 C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip Infected: Trojan-Dropper.Win32.Small.bwh 1 C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip Infected: Trojan-GameThief.Win32.OnLineGames.taqn 1 C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip Infected: Trojan-GameThief.Win32.OnLineGames.sdbj 2 C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip Infected: Trojan-GameThief.Win32.OnLineGames.tart 1 C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip Infected: Trojan-GameThief.Win32.OnLineGames.szcv 1 C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip Infected: Trojan-GameThief.Win32.OnLineGames.taqz 1 C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip Infected: Trojan-PSW.Win32.Nilage.dls 1 C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip Infected: Backdoor.Win32.GirlinRed.bo 1 C:\WINDOWS\alexa.exe Infected: Trojan-GameThief.Win32.WOW.bwh 1 C:\WINDOWS\lwow.exe Infected: Trojan-GameThief.Win32.WOW.bvt 1 C:\WINDOWS\system32\aotoppt.dll Infected: Trojan-GameThief.Win32.OnLineGames.szse 1 C:\WINDOWS\system32\kncer10.exe Infected: Trojan-GameThief.Win32.OnLineGames.tapp 1 C:\WINDOWS\system32\WD.exe Infected: Trojan-GameThief.Win32.OnLineGames.rxqx 1 C:\WINDOWS\wow.exe Infected: Trojan-GameThief.Win32.OnLineGames.stwa 1 D:\Chris' Music\Felix Music\Disney - Colors Of The Wind ( from Pocahontas ).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 D:\Chris' Music\Felix Music\Muppets - Kokomo (Kermit with Miss Piggy).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP19\A0009907.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP19\A0011962.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume 
Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP19\A0012068.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0012120.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0012157.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0012208.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0012243.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0012267.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0013267.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0014267.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0014300.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP21\A0014352.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP21\A0014366.exe Infected: Trojan.Win32.KillAV.alr 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP21\A0014504.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP22\A0014560.inf Infected: Worm.Win32.AutoRun.dyn 1 E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP22\A0014569.exe Infected: Trojan.Win32.KillAV.alr 1 The selected area was scanned. 
========== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:28:09 PM, on 9/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\lxdmcoms.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\ARPWRMSG.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\DISC\DISCover.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\DISC\DiscStreamHub.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\WINDOWS\explorer.exe C:\Program Files\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program 
Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe O4 - HKLM\..\Run: [LUOMWD] C:\WINDOWS\system32\WD.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKLM\..\Policies\Explorer\Run: [dljj_df] C:\WINDOWS\system\llzjy080832.exe O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM') O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program 
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1219910103983
O20 - AppInit_DLLs: aotoppt.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdm_device - - C:\WINDOWS\system32\lxdmcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8305 bytes

Last edited by TheBruce1; 09-02-2008 at 03:12 AM.
#10
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,143
OS: XP
Re: Unfixable Issue
Hello
Did you upload the file to Bleeping Computers, as I cannot find it?
Quote:
It looks as though you have installed some crack programs. This is one of the main reasons your computer is infected. Visiting cracksites/warezsites and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection and System Restore. If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer. Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications. Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In accordance with the rules I have every right to stop help from this point, but I do believe in education about the effects that P2P/cracks/keygens have in supporting the role of malware; these outlets are the main cause of malware that we see every day in logs. Any other illegal software that you have, even though it does not appear as a trojan itself, will come from sites that support and promote malware which, unknowingly to you, can provide backdoors to your machine and install other malicious items.
=========
Please DO NOT attach logs to your posts unless you are advised to do so.
=========
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
Referring to the picture above, drag CFscript into ComboFix.exe
Follow the prompts, and post the resulting log, C:\ComboFix.txt
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s).
Please be sure to upload the file to Bleeping Computers. Also, DO NOT run Malwarebytes at this time; there is a bug within the programme which is being worked on at this time.
==========
Please go to: VirusTotal
Do the same with: C:\WINDOWS\system32\ntoskrnl.exe
==========
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
===========
Logs Required
C:\Combofix.txt
VirusTotal Results
Hijackthis Log
Please stay off the internet as much as possible until we can install some protection.
#11
Registered User
Join Date: Aug 2008
Posts: 17
OS: Windows XP SP2
Re: Unfixable Issue
Before I attempt the ComboFix again, I would like to note that when I did the last ComboFix you requested, using your script and everything else, ComboFix rebooted my computer (which I'm sure is a normal part of the process for it), but when I logged back into my account for it to complete its process, no "message box" or "captured file" was mentioned. It simply opened the log and then closed itself out with only the log still showing. So I am unsure how to react if that happens this time as well, because I don't know what to do after that.
#12
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,143
OS: XP
Re: Unfixable Issue
Make sure you include everything inside the quote box, including the http address. If it happens again, upload this file:
C:\QooBox\Quarantine\[4]-Submit_2008-09-01@15.44.zip
to this website: http://www.bleepingcomputer.com/submit-malware.php?channel=4
Include this link in the submission page: http://www.techsupportforum.com/security-center/hijackthis-log-help/282071-unfixable-issue.html
If it does happen again, another zip file will be created in the same location with a different date and time, so it would look something like this:
C:\QooBox\Quarantine\[4]-Submit_2008-09-02@xx.xx.zip
The date would be 02-09-2008; upload that file as well if it happens again.
#13
Registered User
Join Date: Aug 2008
Posts: 17
OS: Windows XP SP2
Re: Unfixable Issue
Here come the logs.
ComboFix Log Quote:
Quote:
#14
Registered User
Join Date: Aug 2008
Posts: 17
OS: Windows XP SP2
Re: Unfixable Issue
VirusTotal for ntoskrnl.exe
Quote:
Quote:
#15
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,143
OS: XP
Re: Unfixable Issue
Hello again
Files uploaded successfully, thank you.
========
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (if they still exist; make sure you do not miss any):
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: Ent58ComBackFx (WindowsEntMianFeiV08) - Unknown owner - C:\WINDOWS\System32\Ly_Server2008.exe (file missing)
Please remember to close all other windows, including browsers, then click Fix checked.
==========
Go to Start->Run and type in regedit and hit OK. Go to HKEY_LOCAL_MACHINE and click on it, then right-click on HKEY_LOCAL_MACHINE and select export. Save the registry somewhere as a backup. Close the Registry Editor now.
Open notepad and copy/paste the text in the quotebox below (don't forget to copy and paste REGEDIT4):
Quote:
Save the file as "Fix.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files". It should look like this:
Double click on the Fix.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
==========
I see no evidence of an AntiVirus program on your system. This must be resolved. Go Here and download/install it and run a scan, then post the log from that scan in your reply. You can choose an antivirus of your own if you wish.
===========
Double click on the RIST icon and let it run, then post the log.txt in your reply.
============
Logs Required
Avira Scan Results
log.txt
How is your computer running now?
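Added example, not code from the thread or from HijackThis: a small Python triage of the entry types the analyst singled out above (an O15 Trusted Zone host, an O20 AppInit_DLLs entry, and O23 services with an unknown owner or a missing binary). The sample lines are copied from the logs quoted in this thread; the flagging rules are my own reading of why each entry was asked to be fixed.

```python
import re
from dataclasses import dataclass

# Constructed sample: entry types taken from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - AppInit_DLLs: aotoppt.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ent58ComBackFx (WindowsEntMianFeiV08) - Unknown owner - C:\WINDOWS\System32\Ly_Server2008.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# O23 body layout as printed in the logs above: "Service: <name> (<short>) - <vendor> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.*?) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str
    entry: str
    reason: str


def parse_entries(log_text):
    """Yield (section, body) for every 'Onn - ...' line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return the entries an analyst would examine first, each with the reason."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O15" and body.startswith("Trusted Zone:"):
            # A Trusted Zone entry relaxes IE's security settings for that host.
            findings.append(Finding(section, body, "host added to IE Trusted Zone"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:  # every process that loads user32.dll also loads these DLLs
                findings.append(Finding(section, body, f"AppInit_DLLs injects {dlls}"))
        elif section == "O23":
            sm = SERVICE_RE.match(body)
            if sm is None:
                continue
            if "(file missing)" in sm["path"]:
                findings.append(Finding(section, body, "service binary is missing (orphaned entry)"))
            elif sm["vendor"].strip() == "Unknown owner":
                findings.append(Finding(section, body, "service has no identifiable publisher"))
    return findings
```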
#16
Registered User
Join Date: Aug 2008
Posts: 17
OS: Windows XP SP2
Re: Unfixable Issue
All steps followed 100%. Here are the logs. The computer is running slightly better, not counting last night when my webcam turned itself on and, when I flipped it the bird, it turned back off. But it seems things are slowly improving other than that. Quote: