Old 11-24-2007, 12:57 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 21
OS: Windows XP Professional


WinAble and other goodies... Help? HJT logfile

Over the past week I've formatted my hard drive and re-installed Windows three times. It's getting pretty frustrating. Here's what I've got right now (HJT Log). Can someone please help?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:55:40 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\J. Looney\Application Data\U3\0000188C36752007\LaunchPad.exe
D:\Download\Security\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [RemoveInstallPath] cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\WinAble" > nul
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eeto] "C:\PROGRA~1\COMMON~1\SMANTE~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Nyypmx] "C:\Documents and Settings\J. Looney\Application Data\?dobe\?hkdsk.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4785 bytes
Keenjecter is offline  
Old 11-24-2007, 03:49 PM   #2 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 21
OS: Windows XP Professional


Re: WinAble and other goodies... Help? HJT logfile

Incident Status Location

Adware:adware/outerinfo Not disinfected Windows Registry
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\J. Looney\Application Data\Mozilla\Firefox\Profiles\c2mco9oq.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\J. Looney\Application Data\Mozilla\Firefox\Profiles\c2mco9oq.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\J. Looney\Application Data\Mozilla\Firefox\Profiles\c2mco9oq.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\J. Looney\Application Data\Mozilla\Firefox\Profiles\c2mco9oq.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\J. Looney\Application Data\Mozilla\Firefox\Profiles\c2mco9oq.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\J. Looney\Application Data\Mozilla\Firefox\Profiles\c2mco9oq.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\J. Looney\Application Data\Mozilla\Firefox\Profiles\c2mco9oq.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\J. Looney\Application Data\Mozilla\Firefox\Profiles\c2mco9oq.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\J. Looney\Application Data\Mozilla\Firefox\Profiles\c2mco9oq.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@advertising[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@anm.co[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@atwola[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@bs.serving-sys[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@com[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@questionmarket[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@serving-sys[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\J. Looney\Cookies\j. looney@www.burstbeacon[1].txt
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\J. Looney\Local Settings\Temp\D20F.tmp
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\J. Looney\Local Settings\Temp\sdexe.exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\J. Looney\Local Settings\Temp\~nsu.tmp\Au_.exe
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\J. Looney\Local Settings\Temporary Internet Files\Content.IE5\M5BCIBL3\a8f5a020e4b833865a1034489887c8b9[1].zip[b122.exe]
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\b122.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\Download\Security\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor

Outerinfo and Internet Speed Monitor keep coming back as well.

Last edited by Keenjecter; 11-24-2007 at 04:15 PM.
Keenjecter is offline  
Old 11-26-2007, 03:42 PM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,569
OS: 2000 Pro; XP Pro; XP Home


Re: WinAble and other goodies... Help? HJT logfile

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I need more information before continuing, please. If you still require assistance with your issue, and since it has been a few days since you first posted, please do this:

---------------------------------------------------------------------------------------------

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

Install this, it's free, and very good.

Avira PersonalEdition Classic


Update definitions, run a full system scan.

Here's an article to help you with the installation:

http://www.techsupportforum.com/cont...ticles/64.html

Next, do this:

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

When it does, just close it.

---------------------------------------------------------------------------------------------


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. Copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Thank you.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 11-26-2007, 11:12 PM   #4 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 21
OS: Windows XP Professional


Re: WinAble and other goodies... Help? HJT logfile

Deckard's System Scanner v20071014.68
Run by J. Looney on 2007-11-26 23:04:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2007-11-27 06:04:55 UTC - RP34 - Deckard's System Scanner Restore Point
33: 2007-11-26 23:27:54 UTC - RP33 - AntiVir PersonalEdition Classic - 11/26/2007 16:27
32: 2007-11-26 04:24:54 UTC - RP32 - System Checkpoint
31: 2007-11-25 03:42:20 UTC - RP31 - Installed Adobe Audition 2.0
30: 2007-11-25 03:40:22 UTC - RP30 - Installed iTunes


-- First Restore Point --
1: 2007-11-21 20:18:55 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as J. Looney.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1116 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Download\Security\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\J. Looney.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Nyypmx] "C:\Documents and Settings\J. Looney\Application Data\?dobe\?hkdsk.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\profsyx.html

--
End of file - 6777 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 axsaki - c:\windows\system32\drivers\axsaki.sys
R3 axskbus - c:\windows\system32\drivers\axskbus.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 ScsiAccess - c:\program files\photodex\proshowproducer\scsiaccess.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: AXSAKI SCSI Controller
Device ID: ROOT\*AXSAKI0\0000
Manufacturer: (Standard mass storage controllers)
Name: AXSAKI SCSI Controller
PNP Device ID: ROOT\*AXSAKI0\0000
Service: axsaki

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_10DE&DEV_03F0&SUBSYS_82901043&REV_A2\3&267A616A&0&28
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_10DE&DEV_03F0&SUBSYS_82901043&REV_A2\3&267A616A&0&28
Service:


-- Files created between 2007-10-26 and 2007-11-26 -----------------------------

2007-11-26 16:30:32 0 d-------- C:\Program Files\Trend Micro
2007-11-26 16:28:07 0 d-------- C:\Program Files\Avira
2007-11-26 16:28:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-26 15:27:41 0 d-------- C:\Program Files\Photodex Presenter
2007-11-26 15:27:41 0 d-------- C:\Documents and Settings\J. Looney\Application Data\Netscape
2007-11-26 15:27:27 0 d-------- C:\Program Files\Photodex
2007-11-26 15:27:07 0 d-------- C:\Documents and Settings\J. Looney\Application Data\Photodex
2007-11-26 11:56:14 0 d-------- C:\Program Files\uTorrent
2007-11-26 11:56:11 0 d-------- C:\Documents and Settings\J. Looney\Application Data\uTorrent
2007-11-25 17:23:05 376832 --a------ C:\WINDOWS\system32\WinNB58.dll <Not Verified; ; MBar IES AFF>
2007-11-25 15:15:15 0 d--hs---- C:\WINDOWS\Si4gTG9vbmV5
2007-11-25 15:09:53 0 d-------- C:\Documents and Settings\J. Looney\Application Data\WinTouch
2007-11-25 15:05:01 2 --a------ C:\WINDOWS\system32\wapisvtr32.exe
2007-11-25 15:05:00 0 d-------- C:\WINDOWS\system32\??curity
2007-11-25 14:59:39 0 d-------- C:\Program Files\Insider
2007-11-24 20:40:44 0 d-------- C:\Documents and Settings\J. Looney\Application Data\Apple Computer
2007-11-24 20:40:30 0 d-------- C:\Program Files\iPod
2007-11-24 20:40:26 0 d-------- C:\Program Files\iTunes
2007-11-24 20:39:51 0 d-------- C:\Program Files\QuickTime
2007-11-24 20:39:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-24 20:38:51 0 d-------- C:\Program Files\Common Files\Apple
2007-11-24 18:49:56 0 d-------- C:\Documents and Settings\J. Looney\Application Data\AdobeUM
2007-11-24 18:20:44 1375 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-11-24 17:44:21 0 d-------- C:\Documents and Settings\J. Looney\Application Data\WinRAR
2007-11-24 17:21:52 16384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-11-24 17:21:52 0 d-------- C:\WINDOWS\system32\Adobe
2007-11-24 16:05:44 0 d-------- C:\Program Files\Common Files\??mbols
2007-11-24 13:57:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-24 13:03:41 0 d-------- C:\Program Files\SpywareBlaster
2007-11-24 13:03:11 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-24 12:45:03 0 d-------- C:\Program Files\TagScanner
2007-11-24 12:44:38 3283 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
2007-11-24 12:44:21 2181 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
2007-11-24 12:44:08 2656 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2007-11-24 12:43:28 36604 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-11-24 12:43:27 0 d-------- C:\Program Files\Illustrate
2007-11-24 12:31:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-24 12:14:26 0 d-------- C:\Documents and Settings\J. Looney\Application Data\Adobe
2007-11-24 12:08:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 1218 0 d-------- C:\WINDOWS\CSC
2007-11-24 11:56:22 0 d-------- C:\Program Files\Alcohol Soft
2007-11-24 11:18:33 0 d-------- C:\Documents and Settings\J. Looney\Application Data\?dobe
2007-11-24 11:18:28 0 d-------- C:\Program Files\Common Files\S?mantec
2007-11-24 10:07:41 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-24 10:07:20 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-24 10:07:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-11-24 09:39:06 0 d-------- C:\Program Files\Apple Software Update
2007-11-24 09:39:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-24 09:09:42 0 d-------- C:\Documents and Settings\J. Looney\Application Data\Canon
2007-11-24 09:05:55 0 d-------- C:\Documents and Settings\J. Looney\Application Data\ScanSoft
2007-11-24 09:05:50 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-11-24 09:05:50 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-11-24 09:05:16 0 d-------- C:\Program Files\ScanSoft
2007-11-24 09:04:34 0 d-------- C:\Program Files\Common Files\CANON
2007-11-24 09:04:09 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-11-24 09:03:59 0 d--h----- C:\Program Files\CanonBJ
2007-11-24 08:54:50 0 d-------- C:\Program Files\Canon
2007-11-23 10:34:56 0 d---s---- C:\Documents and Settings\J. Looney\UserData
2007-11-23 09:57:22 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2007-11-23 09:55:32 0 d-------- C:\WINDOWS\RegisteredPackages
2007-11-23 09:54:33 0 d-------- C:\WINDOWS\system32\Data
2007-11-23 09:53:21 0 d-------- C:\Program Files\Creative
2007-11-23 09:52:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-23 09:41:32 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-23 09:41:22 0 d-------- C:\Documents and Settings\J. Looney\Application Data\Corel
2007-11-23 09:40:45 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-23 09:40:43 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-23 09:38:12 0 d-------- C:\Program Files\Corel
2007-11-23 09:38:12 0 d-------- C:\Program Files\Common Files\Corel
2007-11-23 01:44:01 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-23 01:43:59 0 d-------- C:\Documents and Settings\J. Looney\Application Data\Mozilla
2007-11-23 01:41:43 0 d-------- C:\Documents and Settings\J. Looney\Application Data\Macromedia
2007-11-23 01:16:49 0 d-------- C:\Program Files\Microsoft Works
2007-11-23 01:16:40 0 d-------- C:\Program Files\MSBuild
2007-11-23 01:12:46 0 d-------- C:\WINDOWS\SHELLNEW
2007-11-23 01:11:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-23 01:11:02 0 dr-h----- C:\MSOCache
2007-11-23 00:50:37 24971 --a------ C:\WINDOWS\system32\drivers\iteraid.sys <Not Verified; Integrated Technology Express, Inc.; Windows (R) 2000 DDK driver>
2007-11-23 00:49:39 0 d-------- C:\Program Files\DIFX
2007-11-23 00:49:38 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-11-23 00:47:54 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-11-23 00:47:16 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-11-23 00:47:12 0 d-------- C:\WINDOWS\Prefetch
2007-11-23 00:37:54 0 d-------- C:\WINDOWS\peernet
2007-11-23 00:37:53 0 d-------- C:\WINDOWS\provisioning
2007-11-23 00:36:27 0 d-------- C:\WINDOWS\ServicePackFiles
2007-11-23 00:31:11 0 d-------- C:\WINDOWS\EHome
2007-11-21 15:12:24 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-11-21 15:08:46 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-21 1559 1428 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2007-11-21 1534 0 d-------- C:\WINDOWS\nview
2007-11-21 1520 0 d-------- C:\Documents and Settings\J. Looney\Application Data\InstallShield
2007-11-21 15:05:51 0 d-------- C:\Documents and Settings\J. Looney\Application Data\U3
2007-11-21 15:03:30 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2007-11-21 15:03:25 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-11-21 15:03:25 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-11-21 15:03:21 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-11-21 15:03:12 1470464 --a------ C:\WINDOWS\system32\nview.dll
2007-11-21 15:03:10 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-11-21 15:02:51 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-11-21 15:02:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-11-21 13:18:47 0 d--hs---- C:\WINDOWS\Installer
2007-11-21 13:18:45 0 d-------- C:\Documents and Settings\J. Looney\Application Data\Identities
2007-11-21 13:18:34 0 d--h----- C:\Documents and Settings\J. Looney\Templates
2007-11-21 13:18:34 0 dr------- C:\Documents and Settings\J. Looney\Start Menu
2007-11-21 13:18:34 0 dr-h----- C:\Documents and Settings\J. Looney\SendTo
2007-11-21 13:18:34 0 dr-h----- C:\Documents and Settings\J. Looney\Recent
2007-11-21 13:18:34 0 d--h----- C:\Documents and Settings\J. Looney\PrintHood
2007-11-21 13:18:34 7602176 --ah----- C:\Documents and Settings\J. Looney\NTUSER.DAT
2007-11-21 13:18:34 0 d--h----- C:\Documents and Settings\J. Looney\NetHood
2007-11-21 13:18:34 0 dr------- C:\Documents and Settings\J. Looney\My Documents
2007-11-21 13:18:34 0 d--h----- C:\Documents and Settings\J. Looney\Local Settings
2007-11-21 13:18:34 0 dr------- C:\Documents and Settings\J. Looney\Favorites
2007-11-21 13:18:34 0 d-------- C:\Documents and Settings\J. Looney\Desktop
2007-11-21 13:18:34 0 d---s---- C:\Documents and Settings\J. Looney\Cookies
2007-11-21 13:18:34 0 d--h----- C:\Documents and Settings\J. Looney\Application Data
2007-11-21 13:14:16 0 d--hs---- C:\System Volume Information
2007-11-21 13:14:14 1572864 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-11-21 13:14:14 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-11-21 13:14:14 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-11-21 13:14:14 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-11-21 13:14:14 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-11-21 13:14:13 1572864 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-11-21 13:14:13 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-11-21 13:14:13 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-11-21 13:14:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-11-21 13:14:13 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-11-21 13:00:16 0 d-------- C:\WINDOWS\system32\xircom
2007-11-21 13:00:16 0 d-------- C:\Program Files\microsoft frontpage
2007-11-21 13:00:09 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-11-21 12:59:57 0 -rahs---- C:\MSDOS.SYS
2007-11-21 12:59:57 0 -rahs---- C:\IO.SYS
2007-11-21 12:59:57 0 --a------ C:\CONFIG.SYS
2007-11-21 12:59:57 0 --a------ C:\AUTOEXEC.BAT
2007-11-21 12:59:11 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-11-21 12:59:03 0 dr------- C:\WINDOWS\Offline Web Pages
2007-11-21 12:59:03 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-21 12:58:40 0 d-------- C:\WINDOWS\system32\DirectX
2007-11-21 12:58:12 0 d---s---- C:\WINDOWS\Tasks
2007-11-21 12:58:10 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-21 12:58:07 0 d-------- C:\WINDOWS\srchasst
2007-11-21 12:58:06 0 d-------- C:\WINDOWS\system32\Macromed
2007-11-21 12:58:05 0 d-------- C:\Program Files\Movie Maker
2007-11-21 12:58:02 0 d-------- C:\WINDOWS\system32\Restore
2007-11-21 12:58:02 0 d-------- C:\WINDOWS\PCHealth
2007-11-21 12:57:37 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-21 12:57:22 0 d-------- C:\WINDOWS\Registration
2007-11-21 12:57:14 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-21 12:57:14 0 d-------- C:\Program Files\Online Services
2007-11-21 12:57:08 0 d-------- C:\Program Files\Messenger
2007-11-21 12:57:05 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-21 12:56:40 0 d-------- C:\Program Files\Windows NT
2007-11-21 12:56:38 0 d-------- C:\WINDOWS\system32\MsDtc
2007-11-21 12:56:38 0 d-------- C:\WINDOWS\system32\Com
2007-11-21 05:48:34 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-21 05:48:31 0 dr------- C:\Program Files
2007-11-21 05:48:31 0 d-------- C:\Program Files\Common Files
2007-11-21 05:48:31 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-21 05:48:14 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-11-21 05:48:14 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-11-21 05:48:14 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-11-21 05:48:14 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-11-21 05:48:14 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-11-21 05:48:14 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-11-21 05:48:14 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-11-21 05:48:14 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-11-21 05:48:14 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-11-21 05:48:14 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-11-21 05:48:14 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-11-21 05:48:14 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-11-21 05:48:14 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-11-21 05:48:14 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-11-21 05:48:14 0 dr------- C:\Documents and Settings\All Users\Documents
2007-11-21 05:48:14 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-11-21 05:48:04 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-21 05:48:04 0 d-------- C:\WINDOWS\system32\CatRoot
2007-11-21 05:47:59 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-11-21 05:47:59 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-11-21 05:47:58 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-11-21 05:47:58 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-11-21 05:47:36 0 d-------- C:\Documents and Settings
2007-11-21 05:43:25 0 d-------- C:\WINDOWS
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\WinSxS
2007-11-21 05:43:25 0 dr------- C:\WINDOWS\Web
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\twain_32
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\wins
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\wbem
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\usmt
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\spool
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\ShellExt
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\Setup
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\ras
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\oobe
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\npp
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\mui
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\inetsrv
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\IME
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\icsxml
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\ias
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\export
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\drivers
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-11-21 05:43:25 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\dhcp
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\config
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\3076
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\2052
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\1054
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\1042
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\1041
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\1037
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\1033
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\1031
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\1028
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system32\1025
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\system
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\security
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\Resources
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\repair
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\mui
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\msapps
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\msagent
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\Media
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\java
2007-11-21 05:43:25 0 d--h----- C:\WINDOWS\inf
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\ime
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\Help
2007-11-21 05:43:25 0 dr--s---- C:\WINDOWS\Fonts
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\Driver Cache
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\Debug
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\Cursors
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\Connection Wizard
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\Config
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\AppPatch
2007-11-21 05:43:25 0 d-------- C:\WINDOWS\addins
2007-10-30 11:53:32 97280 --a------ C:\WINDOWS\b147.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-25 22:49:15 0 d-------- C:\Program Files\Common Files\??mbols
2007-11-25 15:14:18 10 --a------ C:\Program Files\.autoreg
2007-11-24 16:43:16 0 d-------- C:\Documents and Settings\J. Looney\Application Data\?dobe
2007-11-24 12:34:55 0 d-------- C:\Program Files\Common Files\S?mantec
2007-11-23 15:16:22 38444 --a------ C:\Documents and Settings\J. Looney\Application Data\Comma Separated Values (Windows).ADR
2007-11-23 15:12:19 24041 --a------ C:\Documents and Settings\J. Looney\Application Data\Microsoft Excel 97-2003.ADR
2007-11-23 01:33:27 9353 --a------ C:\Documents and Settings\J. Looney\Application Data\Microsoft Excel 97-2003.EML
2007-11-21 05:48:14 62 --ahs---- C:\Documents and Settings\J. Looney\Application Data\desktop.ini
2007-10-10 06:53:54 184320 --a------ C:\WINDOWS\b111.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [11/18/2007 07:38 PM]
"nwiz"="nwiz.exe" [11/18/2007 07:40 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [11/18/2007 07:40 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [02/15/2005 04:10 PM]
"P17Helper"="P17.dll" [05/03/2005 04:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 12:14 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 01:19 PM]
"runner1"="C:\WINDOWS\mrofinu72.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"RegistryMechanic"="" []
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 06:58 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 02:12 AM]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [11/26/2007 04:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]
"Nyypmx"="C:\Documents and Settings\J. Looney\Application Data\?dobe\?hkdsk.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [11/24/2007 5:28:45 PM]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN Gaming Zone\profsyx.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Setup.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\LaunchU3.exe -a

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB



-- End of Deckard's System Scanner: finished at 2007-11-26 23:07:41 ------------
Attached Files
File Type: txt extra.txt (17.4 KB, 0 views)
Old 11-26-2007, 11:34 PM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,569
OS: 2000 Pro; XP Pro; XP Home


Re: WinAble and other goodies... Help? HJT logfile

That looks a bit better. Now we can work.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download ComboFix from one of these locations.
---------------------------------------------------------------------------------------------


    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet.
  3. Disable your AntiVirus application, usually via a right click on the System Tray icon.

    AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background.
    • Right-click it -> untick the option AntiVir Guard enable.
    • You should now see a closed, white umbrella on a red background.


  4. S&D Spybot's Tea Timer

    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.
    • See this link for a tutorial


  5. Go to -> Run -> paste in the following single line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall



  6. Follow the prompts. Type "1" and press Enter to begin the scan.
  7. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  8. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------

  9. Ensure that your AntiVirus is re-enabled. A reboot should have done this.
  10. Re-establish an internet connection.
  11. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 11-27-2007, 06:59 AM   #6 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 21
OS: Windows XP Professional


Re: WinAble and other goodies... Help? HJT logfile

ComboFix 07-11-19.4 - J. Looney 2007-11-27 6:50:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.466 [GMT -7:00]
Running from: C:\Documents and Settings\J. Looney\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\J. Looney\Application Data\DOBE~1
C:\Documents and Settings\J. Looney\Application Data\WinTouch
C:\Documents and Settings\J. Looney\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\J. Looney\My Documents\MANTEC~1
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\MSN Gaming Zone\profsyx.html
C:\WINDOWS\b111.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\wapisvtr32.exe
C:\WINDOWS\system32\winnb58.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-26 16:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-26 16:28 <DIR> d-------- C:\Program Files\Avira
2007-11-26 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-26 15:27 <DIR> d-------- C:\Program Files\Photodex Presenter
2007-11-26 15:27 <DIR> d-------- C:\Program Files\Photodex
2007-11-26 15:27 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Photodex
2007-11-26 15:27 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Netscape
2007-11-26 11:56 <DIR> d-------- C:\Program Files\uTorrent
2007-11-26 11:56 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\uTorrent
2007-11-25 15:15 <DIR> d--hs---- C:\WINDOWS\Si4gTG9vbmV5
2007-11-24 20:40 <DIR> d-------- C:\Program Files\iTunes
2007-11-24 20:40 <DIR> d-------- C:\Program Files\iPod
2007-11-24 20:40 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Apple Computer
2007-11-24 20:39 <DIR> d-------- C:\Program Files\QuickTime
2007-11-24 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-24 20:38 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-24 18:49 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\AdobeUM
2007-11-24 17:21 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-11-24 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-24 13:12 <DIR> d-------- C:\Deckard
2007-11-24 13:03 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-24 13:03 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-24 13:03 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-24 12:45 <DIR> d-------- C:\Program Files\TagScanner
2007-11-24 12:43 <DIR> d-------- C:\Program Files\Illustrate
2007-11-24 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-24 12:19 2,238 --a------ C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
2007-11-24 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 11:56 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-11-24 10:07 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-24 10:07 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-24 09:39 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-24 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-24 09:30 28,672 --a------ C:\WINDOWS\system32\sizelimit.ocx
2007-11-24 09:09 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Canon
2007-11-24 09:08 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-24 09:08 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-24 09:08 584 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-11-24 09:08 584 --a------ C:\WINDOWS\system32\settings.sfm
2007-11-24 09:05 <DIR> d-------- C:\Program Files\ScanSoft
2007-11-24 09:05 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-11-24 09:05 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\ScanSoft
2007-11-24 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-11-24 09:04 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-11-24 09:04 <DIR> d-------- C:\Program Files\Common Files\CANON
2007-11-24 09:04 1,134,592 --a------ C:\WINDOWS\system32\CNQC4802.DLL
2007-11-24 09:04 143,360 --a------ C:\WINDOWS\system32\CNQL4802.DLL
2007-11-24 09:04 106,496 --a------ C:\WINDOWS\system32\cnqo4802.dll
2007-11-24 09:04 57,344 --a------ C:\WINDOWS\system32\CNQI4802.DLL
2007-11-24 09:03 <DIR> d--h----- C:\Program Files\CanonBJ
2007-11-24 08:54 <DIR> d-------- C:\Program Files\Canon
2007-11-23 10:34 <DIR> d---s---- C:\Documents and Settings\J. Looney\UserData
2007-11-23 09:55 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-11-23 09:54 <DIR> d-------- C:\WINDOWS\system32\Data
2007-11-23 09:54 7,572,224 --------- C:\WINDOWS\system32\CT8MGM.SF2
2007-11-23 09:54 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2007-11-23 09:54 2,167,684 -ra------ C:\WINDOWS\system32\ct2mgm.sf2
2007-11-23 09:54 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-11-23 09:54 171,776 --a--c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2007-11-23 09:54 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-11-23 09:54 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-11-23 09:54 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2007-11-23 09:54 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2007-11-23 09:54 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-11-23 09:54 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-11-23 09:54 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2007-11-23 09:54 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-11-23 09:54 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-11-23 09:54 5,627 -ra------ C:\WINDOWS\system32\Ludap17.ini
2007-11-23 09:54 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2007-11-23 09:54 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys
2007-11-23 09:54 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-11-23 09:54 39 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2007-11-23 09:53 <DIR> d-------- C:\Program Files\Creative
2007-11-23 09:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-11-23 09:41 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Corel
2007-11-23 09:41 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-23 09:40 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-11-23 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-23 09:38 <DIR> d-------- C:\Program Files\Corel
2007-11-23 09:38 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-11-23 01:16 <DIR> d-------- C:\Program Files\MSBuild
2007-11-23 01:16 <DIR> d-------- C:\Program Files\Microsoft Works
2007-11-23 01:12 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-23 01:11 <DIR> dr-h----- C:\MSOCache
2007-11-23 01:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-23 00:50 24,971 --a------ C:\WINDOWS\system32\drivers\iteraid.sys
2007-11-23 00:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-23 00:49 <DIR> d-------- C:\Program Files\DIFX
2007-11-23 00:49 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-11-23 00:38 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2007-11-23 00:38 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2007-11-23 00:38 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-11-23 00:38 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-11-23 00:38 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-11-23 00:38 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-23 00:38 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-11-23 00:38 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-11-23 00:37 <DIR> d-------- C:\WINDOWS\provisioning
2007-11-23 00:37 <DIR> d-------- C:\WINDOWS\peernet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 22:14 10 ----a-w C:\Program Files\.autoreg
2007-11-19 02:40 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-11-19 02:40 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-19 02:40 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-19 02:40 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-11-19 02:40 5,636,096 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-19 02:40 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-19 02:40 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-19 02:40 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-19 02:40 363,008 ----a-w C:\WINDOWS\system32\idecoiins.dll
2007-11-19 02:40 363,008 ----a-w C:\WINDOWS\system32\idecoi.dll
2007-11-19 02:40 35,840 ----a-w C:\WINDOWS\system32\nvconrm.dll
2007-11-19 02:40 35,840 ----a-w C:\WINDOWS\system32\NVCOI.DLL
2007-11-19 02:40 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-19 02:40 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-19 02:40 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-19 02:40 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-19 02:40 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-19 02:40 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-19 02:40 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-19 02:40 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-19 02:40 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-19 02:40 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-19 02:40 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-19 02:40 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-19 02:40 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-19 02:40 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-19 02:40 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-19 02:40 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-19 02:40 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-19 02:40 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-19 02:40 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-19 02:40 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-19 02:40 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-19 02:40 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-19 02:40 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-19 02:40 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-19 02:40 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-19 02:40 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-19 02:40 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-19 02:40 274,432 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-19 02:40 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-19 02:40 274,432 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-19 02:40 270,336 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-19 02:40 266,240 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-19 02:40 266,240 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-19 02:40 266,240 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-19 02:40 262,144 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-19 02:40 262,144 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-19 02:40 262,144 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-19 02:40 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-19 02:40 253,952 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-19 02:40 245,760 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-19 02:40 245,760 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-19 02:40 241,664 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-19 02:40 241,664 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-19 02:40 241,664 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-19 02:40 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-19 02:40 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-11-19 02:40 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-11-19 02:40 201,728 ----a-w C:\WINDOWS\system32\fdco1ins.dll
2007-11-19 02:40 201,728 ----a-w C:\WINDOWS\system32\fdco1.dll
2007-11-19 02:40 2,969,600 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-19 02:40 2,932,736 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-19 02:40 2,920,448 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-19 02:40 2,859,008 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-11-19 02:40 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-11-19 02:40 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-11-19 02:40 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-11-19 02:40 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-11-19 02:40 155,715 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-11-19 02:40 118,784 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-11-19 02:40 1,732,608 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-11-19 02:40 1,662,976 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-11-19 02:40 1,622,016 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-11-19 02:40 1,470,464 ----a-w C:\WINDOWS\system32\nview.dll
2007-11-19 02:40 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-11-19 02:40 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-19 02:39 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-19 02:39 5,255,168 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-19 02:39 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-19 02:39 3,047,424 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-19 02:39 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-11-19 02:39 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-11-19 02:38 7,634,944 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-19 02:38 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-19 02:38 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-19 02:38 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2005-08-02 23:46 187,904 --sha-r C:\WINDOWS\Si4gTG9vbmV5\asappsrv.dll
2005-07-29 23:24 472 --sha-r C:\WINDOWS\Si4gTG9vbmV5\m2b0n36SvApc.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"Nyypmx"="C:\Documents and Settings\J. Looney\Application Data\?dobe\?hkdsk.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-18 19:40 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10]
"P17Helper"="Rundll32 P17.dll" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"RegistryMechanic"="" []
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-26 16:33]

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys
R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - SCSIACCESS
*Newly Created Service* - SSMDRV
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 06:55:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 6:56:28 - machine was rebooted
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:39 AM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Nyypmx] "C:\Documents and Settings\J. Looney\Application Data\?dobe\?hkdsk.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 6945 bytes
Keenjecter is offline  
Old 11-27-2007, 08:33 AM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,569
OS: 2000 Pro; XP Pro; XP Home


Re: WinAble and other goodies... Help? HJT logfile

Copy these instructions to notepad.

Disconnect from the internet.

Disable TeaTimer and Avira, using the previous instructions.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/197263-winable-other-goodies-help-hjt-logfile.html

Killall::

File::
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico

Folder::
C:\WINDOWS\Si4gTG9vbmV5

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nyypmx"=-

Collect::
C:\WINDOWS\Si4gTG9vbmV5\asappsrv.dll


Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 11-27-2007, 10:40 AM   #8 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 21
OS: Windows XP Professional


Re: WinAble and other goodies... Help? HJT logfile

ComboFix 07-11-19.4 - J. Looney 2007-11-27 10:30:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.491 [GMT -7:00]
Running from: C:\Documents and Settings\J. Looney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\J. Looney\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Si4gTG9vbmV5
C:\WINDOWS\Si4gTG9vbmV5\asappsrv.dll
C:\WINDOWS\Si4gTG9vbmV5\m2b0n36SvApc.vbs
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico

.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 08:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-11-26 16:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-26 16:28 <DIR> d-------- C:\Program Files\Avira
2007-11-26 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-26 15:27 <DIR> d-------- C:\Program Files\Photodex Presenter
2007-11-26 15:27 <DIR> d-------- C:\Program Files\Photodex
2007-11-26 15:27 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Photodex
2007-11-26 15:27 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Netscape
2007-11-26 11:56 <DIR> d-------- C:\Program Files\uTorrent
2007-11-26 11:56 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\uTorrent
2007-11-24 20:40 <DIR> d-------- C:\Program Files\iTunes
2007-11-24 20:40 <DIR> d-------- C:\Program Files\iPod
2007-11-24 20:40 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Apple Computer
2007-11-24 20:39 <DIR> d-------- C:\Program Files\QuickTime
2007-11-24 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-24 20:38 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-24 18:49 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\AdobeUM
2007-11-24 17:21 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-11-24 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-24 13:12 <DIR> d-------- C:\Deckard
2007-11-24 13:03 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-24 13:03 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-24 13:03 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-24 12:45 <DIR> d-------- C:\Program Files\TagScanner
2007-11-24 12:43 <DIR> d-------- C:\Program Files\Illustrate
2007-11-24 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-24 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 11:56 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-11-24 10:07 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-24 10:07 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-24 09:39 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-24 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-24 09:30 28,672 --a------ C:\WINDOWS\system32\sizelimit.ocx
2007-11-24 09:09 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Canon
2007-11-24 09:08 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-24 09:08 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-24 09:08 584 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2007-11-24 09:08 584 --a------ C:\WINDOWS\system32\settings.sfm
2007-11-24 09:05 <DIR> d-------- C:\Program Files\ScanSoft
2007-11-24 09:05 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-11-24 09:05 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\ScanSoft
2007-11-24 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-11-24 09:04 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-11-24 09:04 <DIR> d-------- C:\Program Files\Common Files\CANON
2007-11-24 09:04 1,134,592 --a------ C:\WINDOWS\system32\CNQC4802.DLL
2007-11-24 09:04 143,360 --a------ C:\WINDOWS\system32\CNQL4802.DLL
2007-11-24 09:04 106,496 --a------ C:\WINDOWS\system32\cnqo4802.dll
2007-11-24 09:04 57,344 --a------ C:\WINDOWS\system32\CNQI4802.DLL
2007-11-24 09:03 <DIR> d--h----- C:\Program Files\CanonBJ
2007-11-24 08:54 <DIR> d-------- C:\Program Files\Canon
2007-11-23 10:34 <DIR> d---s---- C:\Documents and Settings\J. Looney\UserData
2007-11-23 09:55 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-11-23 09:54 <DIR> d-------- C:\WINDOWS\system32\Data
2007-11-23 09:54 7,572,224 --------- C:\WINDOWS\system32\CT8MGM.SF2
2007-11-23 09:54 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2007-11-23 09:54 2,167,684 -ra------ C:\WINDOWS\system32\ct2mgm.sf2
2007-11-23 09:54 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-11-23 09:54 171,776 --a--c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2007-11-23 09:54 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-11-23 09:54 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-11-23 09:54 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2007-11-23 09:54 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2007-11-23 09:54 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-11-23 09:54 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-11-23 09:54 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2007-11-23 09:54 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-11-23 09:54 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-11-23 09:54 5,627 -ra------ C:\WINDOWS\system32\Ludap17.ini
2007-11-23 09:54 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2007-11-23 09:54 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys
2007-11-23 09:54 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-11-23 09:54 39 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2007-11-23 09:53 <DIR> d-------- C:\Program Files\Creative
2007-11-23 09:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-11-23 09:41 <DIR> d-------- C:\Documents and Settings\J. Looney\Application Data\Corel
2007-11-23 09:41 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-23 09:40 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-11-23 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-23 09:38 <DIR> d-------- C:\Program Files\Corel
2007-11-23 09:38 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-11-23 01:16 <DIR> d-------- C:\Program Files\MSBuild
2007-11-23 01:16 <DIR> d-------- C:\Program Files\Microsoft Works
2007-11-23 01:12 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-23 01:11 <DIR> dr-h----- C:\MSOCache
2007-11-23 01:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-23 00:50 24,971 --a------ C:\WINDOWS\system32\drivers\iteraid.sys
2007-11-23 00:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-23 00:49 <DIR> d-------- C:\Program Files\DIFX
2007-11-23 00:49 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-11-23 00:38 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2007-11-23 00:38 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2007-11-23 00:38 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-11-23 00:38 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-11-23 00:38 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-11-23 00:38 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-11-23 00:38 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-11-23 00:38 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-11-23 00:37 <DIR> d-------- C:\WINDOWS\provisioning
2007-11-23 00:37 <DIR> d-------- C:\WINDOWS\peernet
2007-11-23 00:37 5,550,080 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 22:14 10 ----a-w C:\Program Files\.autoreg
2007-11-19 02:40 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-11-19 02:40 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-11-19 02:40 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-11-19 02:40 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-11-19 02:40 5,636,096 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-11-19 02:40 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-11-19 02:40 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-11-19 02:40 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-11-19 02:40 363,008 ----a-w C:\WINDOWS\system32\idecoiins.dll
2007-11-19 02:40 363,008 ----a-w C:\WINDOWS\system32\idecoi.dll
2007-11-19 02:40 35,840 ----a-w C:\WINDOWS\system32\nvconrm.dll
2007-11-19 02:40 35,840 ----a-w C:\WINDOWS\system32\NVCOI.DLL
2007-11-19 02:40 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-11-19 02:40 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-11-19 02:40 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-11-19 02:40 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-11-19 02:40 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-11-19 02:40 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-11-19 02:40 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-11-19 02:40 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-11-19 02:40 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-11-19 02:40 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-11-19 02:40 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-11-19 02:40 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-11-19 02:40 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-11-19 02:40 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-11-19 02:40 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-11-19 02:40 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-11-19 02:40 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-11-19 02:40 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-11-19 02:40 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-11-19 02:40 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-11-19 02:40 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-11-19 02:40 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-11-19 02:40 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-11-19 02:40 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-11-19 02:40 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-11-19 02:40 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-11-19 02:40 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-11-19 02:40 274,432 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-11-19 02:40 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-11-19 02:40 274,432 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-11-19 02:40 270,336 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-11-19 02:40 266,240 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-11-19 02:40 266,240 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-11-19 02:40 266,240 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-11-19 02:40 262,144 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-11-19 02:40 262,144 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-11-19 02:40 262,144 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-11-19 02:40 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-11-19 02:40 253,952 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-11-19 02:40 249,856 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-11-19 02:40 245,760 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-11-19 02:40 245,760 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-11-19 02:40 241,664 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-11-19 02:40 241,664 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-11-19 02:40 241,664 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-11-19 02:40 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-11-19 02:40 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-11-19 02:40 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-11-19 02:40 201,728 ----a-w C:\WINDOWS\system32\fdco1ins.dll
2007-11-19 02:40 201,728 ----a-w C:\WINDOWS\system32\fdco1.dll
2007-11-19 02:40 2,969,600 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-11-19 02:40 2,932,736 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-11-19 02:40 2,920,448 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-11-19 02:40 2,859,008 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-11-19 02:40 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2007-11-19 02:40 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-11-19 02:40 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2007-11-19 02:40 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2007-11-19 02:40 155,715 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-11-19 02:40 118,784 ----a-w C:\WINDOWS\system32\nvrszht.dll
2007-11-19 02:40 1,732,608 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-11-19 02:40 1,662,976 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-11-19 02:40 1,622,016 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-11-19 02:40 1,470,464 ----a-w C:\WINDOWS\system32\nview.dll
2007-11-19 02:40 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-11-19 02:40 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-19 02:39 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-11-19 02:39 5,255,168 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-11-19 02:39 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-11-19 02:39 3,047,424 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-11-19 02:39 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-11-19 02:39 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-11-19 02:38 7,634,944 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-11-19 02:38 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-11-19 02:38 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-11-19 02:38 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-11-18 19:40 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10]
"P17Helper"="Rundll32 P17.dll" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"RegistryMechanic"="" []
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-26 16:33]

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys
R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 10:35:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 10:36:13 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-27 06:56
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:59 AM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 6766 bytes
Old 11-27-2007, 10:56 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,569
OS: 2000 Pro; XP Pro; XP Home


Re: WinAble and other goodies... Help? HJT logfile

Good job.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 11-27-2007, 04:24 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 21
OS: Windows XP Professional


Re: WinAble and other goodies... Help? HJT logfile

Things seem much smoother now. I REALLY appreciate all of your help, and especially your prompt replies!

I am still receiving warnings from Avira, but it seems to be blocking the nasties.

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2689 (20071127)
# vers_arch_module=1.059 (20071108)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=01efa6f52505024da94400cd9cdbbee3
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2007-11-27 11:08:57
# local_time=2007-11-27 04:08:57 (-0700, Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=831056
# found=8
# scan_time=15509
C:\Deckard\System Scanner\backup\DOCUME~1\JAB43~1.LOO\LOCALS~1\Temp\mitC7.tmp a variant of Win32/Adware.Mirar application 3E2418F9B4D6F1076C325B362535E7FD
C:\Deckard\System Scanner\backup\DOCUME~1\JAB43~1.LOO\LOCALS~1\Temp\mitC7.tmp »CAB »NNBar_VCSetup_876923_LOG_IES_NoDMY_AFF.exe a variant of Win32/Adware.Mirar application 00000000000000000000000000000000
C:\Deckard\System Scanner\backup\DOCUME~1\JAB43~1.LOO\LOCALS~1\Temp\mitC7.tmp.cab a variant of Win32/Adware.Mirar application 3E2418F9B4D6F1076C325B362535E7FD
C:\Deckard\System Scanner\backup\DOCUME~1\JAB43~1.LOO\LOCALS~1\Temp\mitC7.tmp.cab »CAB »NNBar_VCSetup_876923_LOG_IES_NoDMY_AFF.exe a variant of Win32/Adware.Mirar application 00000000000000000000000000000000
C:\Deckard\System Scanner\backup\DOCUME~1\JAB43~1.LOO\LOCALS~1\Temp\NNBar_VCSetup_876923_LOG_IES_NoDMY_AFF.exe a variant of Win32/Adware.Mirar application 0FD8A479D8BDC0A7E3F95A41C500446C
C:\Documents and Settings\J. Looney\Desktop\[4]-Submit_2007-11-27@10.30.zip Win32/Adware.CommAd application 524153471E869825EFB67190D40B9C7F
C:\Documents and Settings\J. Looney\Desktop\[4]-Submit_2007-11-27@10.30.zip »ZIP »asappsrv.dll Win32/Adware.CommAd application 00000000000000000000000000000000
C:\qoobox\Quarantine\C\WINDOWS\system32\WinNB58.dll.vir a variant of Win32/Adware.Mirar application 9A211CEF439DF26E12933C98B2F3708B
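
A triage sketch for a scanner log in the layout posted above, added here as an example and not part of the original post or of ESET's software: it groups each detection by where the file sits, so copies held in quarantine, backup or System Restore folders are separated from files still in place. The sample lines, the folder-name rules and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

SEP = "\u00bb"  # the "»" that separates an archive from its members in the log

def make_line(path, threat, fill):
    # Build one detection line; the 32-character hash is a placeholder.
    return f"{path} {threat} application {fill * 32}"

# Constructed sample in the layout of the log posted above (placeholder values).
SAMPLE_LOG = "\n".join([
    "# version=4", "# remove_checked=false", "# unwanted_checked=true", "# found=5",
    make_line(r"C:\qoobox\Quarantine\C\WINDOWS\system32\example.dll.vir",
              "a variant of Win32/Adware.Example", "A"),
    make_line(r"C:\Tool Folder\backup\Temp\setup.tmp.cab",
              "a variant of Win32/Adware.Example", "B"),
    make_line(r"C:\Tool Folder\backup\Temp\setup.tmp.cab" + f" {SEP}CAB {SEP}inner.exe",
              "a variant of Win32/Adware.Example", "0"),
    make_line(r"C:\System Volume Information\_restore{ID}\RP1\A0000001.dll",
              "Win32/Adware.Sample", "C"),
    make_line(r"C:\Documents and Settings\Some User\Desktop\tool.exe",
              "Win32/Adware.Sample", "D"),
])

# path, threat name (optionally "a variant of ..."), object type, 32 hex digits
DETECTION = re.compile(r"^(?P<path>.+?) (?P<threat>(?:a variant of )?\S+/\S+) "
                       r"(?P<kind>\S+) (?P<hash>[0-9A-Fa-f]{32})$")

# Assumption: folder names alone tell stored copies apart from files still in place.
LOCATIONS = [("system_restore", "\\system volume information\\"),
             ("quarantine", "\\quarantine\\"), ("backup", "\\backup\\")]

def classify(path):
    low = path.lower()
    return next((label for label, needle in LOCATIONS if needle in low), "in_place")

def parse_log(text):
    header, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):                      # "# key=value" header
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
        elif (m := DETECTION.match(line)):            # anything else is skipped
            parts = [p.strip() for p in m["path"].split(SEP)]
            detections.append({"file": parts[0], "threat": m["threat"],
                               "member": parts[-1] if len(parts) > 1 else None,
                               "location": classify(parts[0])})
    return header, detections

def triage(text):
    header, detections = parse_log(text)
    files = defaultdict(set)
    for d in detections:
        files[d["location"]].add(d["file"])   # an archive and its member count once
    return {"report_only": header.get("remove_checked") == "false",
            "count_matches": int(header.get("found", -1)) == len(detections),
            "files": {loc: sorted(paths) for loc, paths in files.items()}}

if __name__ == "__main__":
    for location, paths in triage(SAMPLE_LOG)["files"].items():
        print(location, *paths, sep="\n  ")
```

Anything listed under `in_place` is the part of the result that still needs attention; `report_only` being true means the scan removed nothing, so every listed file is still on disk.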
Old 11-27-2007, 06:46 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,569
OS: 2000 Pro; XP Pro; XP Home


Re: WinAble and other goodies... Help? HJT logfile

Does Avira tell you where these nasties are located?

If in System Volume Information, that's System Restore. We'll take care of that later.

If you can, please tell me what Avira is finding, and where.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 11-27-2007, 07:12 PM   #12 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 21
OS: Windows XP Professional


Re: WinAble and other goodies... Help? HJT logfile

OK, I'll make note of the next warning I get and post at that time.

Thanks again for your help!
Old 11-27-2007, 08:14 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,569
OS: 2000 Pro; XP Pro; XP Home


Re: WinAble and other goodies... Help? HJT logfile

Ok, if Avira still finds things after this, post again. You're welcome for the help.

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here

  • IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file. This will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 11-28-2007, 08:26 AM   #14 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 21
OS: Windows XP Professional


Re: WinAble and other goodies... Help? HJT logfile

Here's an Avira message I just received.
Attached Images
File Type: jpg new-1.jpg (69.9 KB, 2 views)
Old 11-28-2007, 08:53 AM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,569
OS: 2000 Pro; XP Pro; XP Home


Re: WinAble and other goodies... Help? HJT logfile

As suspected - System Volume Information = System Restore

Running the combofix /u command should have reset System Restore points.

Let's do it manually.

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 12-05-2007, 08:48 PM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,569
OS: 2000 Pro; XP Pro; XP Home


Re: WinAble and other goodies... Help? HJT logfile

Since this issue appears resolved ... this Topic is now archived.

If you need this topic reopened, please PM me with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
All times are GMT -7. The time now is 08:18 PM.



Copyright 2001 - 2009, Tech Support Forum