Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Spyware keeps on coming back also can't shutdown from the start menu it's not showing
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 12-29-2007, 07:02 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Spyware keeps on coming back also can't shutdown from the start menu it's not showing
There is this spyware named ISPY that keeps on coming back I used Spyware terminator but it deletes it but when I reboot it comes back Omg I hate it. Also my Shutdown/restart and run doesn't display on my Startmenu because of the viruses/spyware. Man everything was working fine till these viruses/spyware came nooooo!!!!! Dang and also my task manager doesn't work it says, "Task Manager has been disabled by the adminstrator." *** Well if you can help me Thank you Also My programs that I'm using are spyware terminator, AVG antivirus free, and spywareblaster. Well I followed the 5 steps stickies and it says to post some stuff here. Well here it is

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:08:32 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\An Tran\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s...SYSSCANNER.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: tuvtqro - tuvtqro.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 9356 bytes



Panda online scanner


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@atdmt[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@atdmt[3].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@burstnet[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@burstnet[3].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@doubleclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@findwhat[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@server.iad.liveperson[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@server.iad.liveperson[3].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@statse.webtrendslive[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@statse.webtrendslive[3].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\An Tran\Cookies\an_tran@www.burstbeacon[1].txt
Virus:W32/Bobax.DA.worm Disinfected C:\Program Files\Cisco Systems\Clean Access Agent\AV41\OPSWATAVCommon.dll
Adware:Adware/BHO Not disinfected C:\WINDOWS\system32\adssite-remove.exe
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 12-31-2007, 02:00 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,723
OS: 2000 Pro; XP Pro; XP Home


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Hi -

If you followed the 5 steps completely, you'd have seen we want a set of logs from Deckard's System Scanner.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

I need more information before continuing, please.

For now, I'd like a more comprehensive set of logs from Deckard's System Scanner.

---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

When it does, just close it, please. Next....
---------------------------------------------------------------------------------------------


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 02:58 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Hi I got your email. When i use dss.exe the first the main text pop upped with the extra text but I saw that my browser is on so i had to exit and I re-did the test and only the main text came out. Oh yea my shutdown and restart came back and my task manager works now(I ran Super-antispyware). Also I have a question do i reboot my computer into safe mode and go to adminstrative account because thats my admin place but I won't get any internet even with boot with networking. Also I appreciate your help I will donate but I gotta see if theres still money on my prepaid credit card. Well Thank You and for your help and have a happy new year. Well heres my main txt. I dont have my ext. text. Grrr my internet so slowwww dang viruses.

Deckard's System Scanner v20071014.68
Run by An Tran on 2008-01-01 13:37:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as An Tran.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:58 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\An Tran\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANTRAN~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s...SYSSCANNER.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O20 - Winlogon Notify: tuvtqro - tuvtqro.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 6803 bytes

-- Files created between 2007-12-01 and 2008-01-01 -----------------------------

2008-01-01 13:21:42 0 d-------- C:\Program Files\Trend Micro
2008-01-01 00:44:38 850 --a------ C:\Documents and Settings\An Tran\FileName.vbs
2008-01-01 00:43:23 0 d-------- C:\Program Files\RegScrubXP
2007-12-31 21:07:11 0 d-------- C:\Program Files\Lavasoft
2007-12-31 21:07:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-31 20:50:01 0 d-------- C:\Program Files\Common Files\Funk Software
2007-12-31 18:01:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 17:52:10 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-31 15:56:15 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-12-31 15:56:15 0 d-------- C:\Program Files\DAP
2007-12-31 15:34:13 0 dr-h----- C:\Documents and Settings\An Tran\Recent
2007-12-31 14:44:26 0 d-------- C:\Documents and Settings\An Tran\Application Data\AVG7
2007-12-31 14:44:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-31 14:31:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 14:31:21 0 d-------- C:\Documents and Settings\An Tran\Application Data\SUPERAntiSpyware.com
2007-12-31 14:26:02 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-12-31 14:25:42 0 d-------- C:\Program Files\kernel
2007-12-31 13:21:42 0 d-------- C:\WINDOWS\McAfee.com
2007-12-31 12:41:02 0 d-------- C:\Program Files\McAfee
2007-12-31 01:03:38 0 d-------- C:\Program Files\FlashGet
2007-12-31 00:35:33 0 d-------- C:\Program Files\uTorrent
2007-12-31 00:35:31 0 d-------- C:\Documents and Settings\An Tran\Application Data\uTorrent
2007-12-30 18:56:05 0 d-------- C:\Documents and Settings\An Tran\Application Data\DivX
2007-12-30 18:45:32 0 d-------- C:\divx
2007-12-30 18:20:51 0 d-------- C:\Program Files\VideoLAN
2007-12-30 17:09:55 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-12-30 17:09:55 0 d-------- C:\Program Files\Spy Cleaner Gold
2007-12-30 16:02:43 0 d-------- C:\VundoFix Backups
2007-12-30 10:18:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-30 09:52:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-30 09:52:47 0 d-------- C:\Documents and Settings\An Tran\Application Data\PrevxCSI
2007-12-29 21:52:59 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-29 21:51:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-29 21:22:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-29 21:17:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-29 19:39:59 5464604 --a------ C:\WINDOWS\system32\SBSP.dat
2007-12-29 19:31:25 459 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-29 19:12:02 0 d-------- C:\Documents and Settings\An Tran\Application Data\Sunbelt Software
2007-12-29 18:51:45 0 d-------- C:\Documents and Settings\An Tran\Application Data\True Sword
2007-12-29 18:47:13 0 d-------- C:\Program Files\Helper
2007-12-29 18:36:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-12-29 12:39:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-29 11:58:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-29 11:57:48 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-29 11:57:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-29 11:57:48 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-12-29 11:57:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-29 11:57:48 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-12-29 11:57:48 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-29 11:57:48 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-12-29 11:57:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-29 11:57:48 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-29 11:57:47 524288 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-29 11:41:37 0 d-------- C:\Program Files\WinClamAVShield
2007-12-29 10:16:45 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-29 10:12:44 8576 --a------ C:\WINDOWS\system32\drivers\pilvondljxwl.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-29 02:09:06 0 d-------- C:\Documents and Settings\An Tran\.housecall6.6
2007-12-29 01:56:09 0 d-------- C:\Program Files\Enigma Software Group
2007-12-29 00:34:41 0 d-------- C:\WINDOWS\BDOSCAN8
2007-12-28 22:37:52 0 dr-h----- C:\$VAULT$.AVG
2007-12-28 22:29:45 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-12-28 22:28:21 0 d-------- C:\Program Files\Dealio
2007-12-28 22:27:22 2 --a------ C:\-2073593180
2007-12-28 22:27:11 54314 --a------ C:\WINDOWS\system32\xpdx.sys
2007-12-28 10:36:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-28 09:46:48 0 d-------- C:\Program Files\ImTOO
2007-12-28 08:39:36 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-12-27 19:39:52 0 d-------- C:\Program Files\Common Files\NSV
2007-12-27 14:51:37 348160 --a------ C:\WINDOWS\system32\cdga.dll <Not Verified; ; Cucusoft Audio Transparent Filter>
2007-12-27 14:51:37 14909 --a------ C:\WINDOWS\system32\A_reg.reg
2007-12-27 14:51:36 364544 --a------ C:\WINDOWS\system32\cdg.dll <Not Verified; Cucusoft Inc.; Cucusoft>
2007-12-27 14:40:39 0 d-------- C:\ConverterOutput
2007-12-27 14:39:56 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-12-27 14:39:56 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-12-27 14:39:55 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-12-27 14:39:55 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-12-27 14:39:55 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-12-27 14:39:48 0 d-------- C:\Program Files\Cucusoft
2007-12-27 14:34:01 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-12-27 14:34:01 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-27 14:33:58 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-27 14:17:43 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-27 14:13:52 0 d-------- C:\Program Files\TubeSucker
2007-12-27 13:38:27 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-27 13:25:53 0 d-------- C:\Documents and Settings\An Tran\LimeWire Store Purchased
2007-12-27 13:25:53 0 d-------- C:\Documents and Settings\An Tran\LimeWire Shared
2007-12-27 13:25:53 0 d-------- C:\Documents and Settings\An Tran\LimeWire Saved
2007-12-27 12:35:10 0 d-------- C:\Documents and Settings\An Tran\Application Data\BitTorrent
2007-12-27 12:35:05 0 d-------- C:\Program Files\DNA
2007-12-27 12:35:05 0 d-------- C:\Documents and Settings\An Tran\Application Data\DNA
2007-12-23 11:53:11 0 d-------- C:\Program Files\SCAR 3.12
2007-12-17 22:04:54 1751 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-12-15 13:02:25 0 d-------- C:\Documents and Settings\An Tran\Application Data\Apple Computer
2007-12-15 09:30:45 0 d-------- C:\Documents and Settings\An Tran\Application Data\MPEG Streamclip
2007-12-15 09:13:11 0 d-------- C:\Program Files\QuickTime
2007-12-15 09:13:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-15 09:12:35 0 d-------- C:\Program Files\Apple Software Update
2007-12-15 09:12:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-10 19:31:47 0 d-------- C:\Documents and Settings\An Tran\Application Data\Sony Corporation
2007-12-10 19:18:11 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-12-10 19:18:10 0 d-------- C:\Drivers
2007-12-10 19:16:46 0 d-------- C:\Program Files\Sony
2007-12-03 17:33:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-03 17:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 17:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 17:33:16 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-01 17:32:37 0 d-------- C:\Documents and Settings\An Tran\Application Data\Motive
2007-12-01 17:31:19 0 d-------- C:\WINDOWS\Motive
2007-12-01 17:31:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-12-01 17:30:37 0 d-------- C:\Program Files\SBC Self Support Tool


-- Find3M Report ---------------------------------------------------------------

2008-01-01 13:33:59 0 d-------- C:\Program Files\Steam
2007-12-31 2142 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 20:50:01 0 d-------- C:\Program Files\Common Files
2007-12-31 20:49:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-31 15:07:27 0 d-------- C:\Program Files\DivX
2007-12-31 14:26:07 0 d-------- C:\Documents and Settings\An Tran\Application Data\LimeWire
2007-12-30 18:22:44 0 d-------- C:\Documents and Settings\An Tran\Application Data\vlc
2007-12-28 08:38:42 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-27 12:36:42 0 d-------- C:\Documents and Settings\An Tran\Application Data\Adobe
2007-12-10 19:23:20 0 d-------- C:\Program Files\Yahoo!
2007-12-10 19:23:18 0 d-------- C:\Program Files\WinAce
2007-11-29 14:30:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 14:28:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-11-29 14:28:24 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-28 13:52:32 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-21 21:48:59 0 d-------- C:\Program Files\AIM6
2007-11-02 16:18:27 0 d-------- C:\Program Files\Java
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-17 09:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
12/31/2007 11:52 PM 15872 --a------ C:\Program Files\Helper\superfindout.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 08:05 PM]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [09/09/2003 04:36 PM]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [08/21/2003 03:12 PM]
"PCTVOICE"="pctspk.exe" [02/24/2003 02:35 PM C:\WINDOWS\system32\pctspk.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 11:28 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 01:39 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/31/2007 02:43 PM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [12/31/2007 03:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [04/04/2007 06:42 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Steam"="c:\program files\steam\steam.exe" [11/29/2007 05:23 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [12/27/2007 12:35 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\An Tran\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [12/10/2007 7:17:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 12:15:54 AM]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [12/31/2007 8:49:36 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtqro]
tuvtqro.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{29FCEE19-7D85-1F31-71F8-D7CC9111458D}]
C:\WINDOWS\system32:svchost.exe



-- End of Deckard's System Scanner: finished at 2008-01-01 13:38:27 ------------
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 03:04 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,723
OS: 2000 Pro; XP Pro; XP Home


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
If you've run DSS more than once, extra.txt should be located at C:\Deckard\System Scanner or in a numbered folder within that location. Please post it in your next reply. If you still can't find it, do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config
Click on "Check All"

Click on "Uncheck All"

On the right side, under Extra Log, check all except "Event Logs".

Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.

-----------------------------------------------

Quote:
Also I have a question do i reboot my computer into safe mode and go to adminstrative account because thats my admin place but I won't get any internet even with boot with networking.
No. All work should be done in your usual account unless otherwise stated. Also, do not use Safe Mode unless it's specifically stated in the instructions.

Quote:
Also I appreciate your help I will donate but I gotta see if theres still money on my prepaid credit card.
It's only if you can, certainly not a requirement. My assistance is free of charge, but the forum needs donations to maintain servers and software upgrades.

----------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 04:33 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Event Description:
The file C:\Documents and Settings\An Tran\Local Settings\Temp\RarSFX0\whiehlpr.dll contains Spyware-WebHancer Spyware. The file was successfully deleted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35146 / Warning
Event Submitted/Written: 01/01/2008 03:21:24 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35120 / Warning
Event Submitted/Written: 01/01/2008 01:50:31 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35119 / Warning
Event Submitted/Written: 01/01/2008 01:36:52 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35090 / Warning
Event Submitted/Written: 01/01/2008 01:28:55 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35085 / Warning
Event Submitted/Written: 01/01/2008 01:15:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-01-01 15:22:12 ------------
Attached Files
File Type: txt extra.txt (2.9 KB, 0 views)
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 04:43 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
I found my old one

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1600MHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 767.23 MiB / 403.88 MiB
Pagefile Memory (total/avail): 1300.99 MiB / 974.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.73 MiB

C: is Fixed (NTFS) - 27.95 GiB total, 16.37 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK3021GAS - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.95 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Steam\\steamapps\\talon53@comcast.net\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\talon53@comcast.net\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"="C:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe:*:Enabled:Clean Access Agent"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Steam\\steamapps\\ansandan\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\ansandan\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\riotsk8er05@juno.com\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\riotsk8er05@juno.com\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\ansandan\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\ansandan\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\ansandan\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\ansandan\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\shadow fo life\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\shadow fo life\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Westwood\\RA2\\game.exe"="C:\\Westwood\\RA2\\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\ansandan\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\Nexon\\MapleStory\\NewPatcher.exe"="C:\\Nexon\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Nexon\\MapleStory\\Patcher.exe"="C:\\Nexon\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Steam\\steamapps\\snaj1\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\snaj1\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\snaj1\\dedicated server\\hlds.exe"="C:\\Program Files\\Steam\\steamapps\\snaj1\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\Steam\\steamapps\\snaj1\\dedicated server\\hltv.exe"="C:\\Program Files\\Steam\\steamapps\\snaj1\\dedicated server\\hltv.exe:*:Enabled:HLTV Launcher"
"C:\\Program Files\\Valve\\HLServer\\hlds.exe"="C:\\Program Files\\Valve\\HLServer\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\snaj1\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\snaj1\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\snaj1\\dedicated server\\hlds.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\snaj1\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\An Tran\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=INSPIRON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\An Tran
LOGONSERVER=\\INSPIRON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANTRAN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANTRAN~1\LOCALS~1\Temp
USERDOMAIN=INSPIRON
USERNAME=An Tran
USERPROFILE=C:\Documents and Settings\An Tran
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

An Tran (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADEF1025-6D3B-485C-9AC9-1A2D81665B7F}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 /removeonly -removeonly
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Counter-Strike(TM) --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Cucusoft DVD to Zune + Zune Video Converter Suite 6.2.5.16 --> "C:\Program Files\Cucusoft\zune-converter\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Finale NotePad 2008 --> C:\Program Files\Finale NotePad 2008\uninstallNP.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.5.7 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
MapleStory --> MsiExec.exe /I{A4722257-521C-48E6-9F8D-11B286645AD3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Odyssey SDK --> MsiExec.exe /I{99D42EC7-652B-4819-B3E6-6450C815E03F}
PCTEL 2304WT V.9x MDC Modem Drivers --> ptuninst.exe
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9
Zune Video Converter 3 --> C:\Program Files\ImTOO\Zune Video Converter 3\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9130 / Warning
Event Submitted/Written: 12/31/2007 10:04:02 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type9121 / Error
Event Submitted/Written: 12/31/2007 09:14:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.1.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9108 / Error
Event Submitted/Written: 12/31/2007 06:05:27 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 504754043.

Event Record #/Type9107 / Error
Event Submitted/Written: 12/31/2007 06:05:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.1.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9073 / Warning
Event Submitted/Written: 12/31/2007 02:24:35 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\Documents and Settings\An Tran\Local Settings\Temp\RarSFX0\whiehlpr.dll contains Spyware-WebHancer Spyware. The file was successfully deleted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35085 / Warning
Event Submitted/Written: 01/01/2008 01:15:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35031 / Warning
Event Submitted/Written: 01/01/2008 00:41:27 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35029 / Warning
Event Submitted/Written: 01/01/2008 00:37:42 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014BFD8A03E. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type35026 / Warning
Event Submitted/Written: 01/01/2008 00:37:29 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "Wireless-G Notebook Adapter WLAN Monitor Gcc"

Event Record #/Type35025 / Warning
Event Submitted/Written: 01/01/2008 00:37:29 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "Wireless-G Notebook Adapter WLAN Monitor Gcc"



-- End of Deckard's System Scanner: finished at 2008-01-01 13:27:45 ------------
Attached Files
File Type: txt extra.txt (16.8 KB, 0 views)
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 05:09 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,723
OS: 2000 Pro; XP Pro; XP Home


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disconnect from the internet....pull the plug!
  3. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  4. Double click on combofix.exe & follow the prompts. Type 1, then press Enter to start the fix.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
  8. Re-establish an internet connection.
  9. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 05:41 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
ComboFix 08-01-02.1 - An Tran 2008-01-01 16:26:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.505 [GMT -8:00]
Running from: C:\Documents and Settings\An Tran\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 10820 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\WINDOWS\adaway.lic
C:\WINDOWS\system32\xpdx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_FCI
-------\LEGACY_SYSLIBRARY
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2008-01-01 16:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:23 . 2008-01-01 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-01 13:25 . 2008-01-01 13:25 <DIR> d-------- C:\Deckard
2008-01-01 13:21 . 2008-01-01 13:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 00:44 . 2008-01-01 00:44 850 --a------ C:\Documents and Settings\An Tran\FileName.vbs
2008-01-01 00:43 . 2008-01-01 00:55 <DIR> d-------- C:\Program Files\RegScrubXP
2007-12-31 20:50 . 2007-12-31 20:50 <DIR> d-------- C:\Program Files\Common Files\Funk Software
2007-12-31 20:49 . 2004-12-17 13:52 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2007-12-31 20:49 . 2004-12-17 13:52 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2007-12-31 19:01 . 2007-12-31 19:01 103 --a------ C:\WINDOWS\wininit.ini
2007-12-31 18:01 . 2007-12-31 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 17:52 . 2007-12-31 21:33 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-31 15:56 . 2007-12-31 17:37 <DIR> d-------- C:\Program Files\DAP
2007-12-31 15:56 . 2007-12-31 15:56 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2007-12-31 15:56 . 2007-12-31 15:56 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2007-12-31 15:56 . 2007-12-31 15:56 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-12-31 14:31 . 2007-12-31 17:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 14:31 . 2007-12-31 17:43 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\SUPERAntiSpyware.com
2007-12-31 14:26 . 2007-12-31 14:26 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-31 14:25 . 2007-12-31 14:25 <DIR> d-------- C:\Program Files\kernel
2007-12-31 13:56 . 2007-12-31 14:08 38 --a------ C:\WINDOWS\avisplitter.INI
2007-12-31 13:21 . 2007-12-31 13:21 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-12-31 12:41 . 2007-12-31 14:36 <DIR> d-------- C:\Program Files\McAfee
2007-12-31 12:41 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2007-12-31 01:03 . 2007-12-31 15:32 <DIR> d-------- C:\Program Files\FlashGet
2007-12-31 01:03 . 2007-12-28 15:04 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-31 00:35 . 2007-12-31 00:35 <DIR> d-------- C:\Program Files\uTorrent
2007-12-31 00:35 . 2007-12-31 14:01 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\uTorrent
2007-12-30 18:56 . 2007-12-30 18:56 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\DivX
2007-12-30 18:45 . 2007-12-30 19:31 <DIR> d-------- C:\divx
2007-12-30 18:20 . 2007-12-30 18:55 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-30 17:09 . 2007-12-31 00:30 <DIR> d-------- C:\Program Files\Spy Cleaner Gold
2007-12-30 17:09 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-12-30 16:02 . 2007-12-30 16:02 <DIR> d-------- C:\VundoFix Backups
2007-12-30 10:18 . 2007-12-30 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-30 09:52 . 2007-12-30 09:53 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\PrevxCSI
2007-12-30 09:52 . 2007-12-30 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-29 21:52 . 2007-12-29 21:52 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-29 21:22 . 2007-12-30 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-29 21:17 . 2007-12-30 10:36 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-29 19:39 . 2007-12-29 20:59 5,464,604 --a------ C:\WINDOWS\system32\SBSP.dat
2007-12-29 19:31 . 2007-12-29 20:59 459 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-29 19:12 . 2007-12-29 19:12 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\Sunbelt Software
2007-12-29 18:51 . 2007-12-29 18:51 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\True Sword
2007-12-29 12:39 . 2007-12-29 12:39 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-29 11:58 . 2007-12-29 18:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2007-12-29 11:41 . 2007-12-29 16:06 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-12-29 10:16 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-29 10:12 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\pilvondljxwl.sys
2007-12-29 09:46 . 2007-12-29 16:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-29 09:46 . 2007-12-29 16:27 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-29 02:09 . 2007-12-29 11:31 <DIR> d-------- C:\Documents and Settings\An Tran\.housecall6.6
2007-12-29 01:56 . 2007-12-29 02:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-29 00:34 . 2007-12-29 01:39 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-28 22:29 . 2007-12-28 22:29 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-12-28 22:28 . 2007-12-28 22:32 <DIR> d-------- C:\Program Files\Dealio
2007-12-28 22:27 . 2007-12-28 22:27 2 --a------ C:\-2073593180
2007-12-28 15:04 . 2007-12-28 15:04 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-28 10:36 . 2008-01-01 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-28 09:46 . 2007-12-28 09:46 <DIR> d-------- C:\Program Files\ImTOO
2007-12-28 08:39 . 2007-12-28 08:39 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-12-27 19:39 . 2007-12-27 19:39 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-12-27 14:51 . 2004-01-16 15:50 516,096 --a------ C:\WINDOWS\system32\CLVSD.ax
2007-12-27 14:51 . 2007-03-26 16:41 364,544 --a------ C:\WINDOWS\system32\cdg.dll
2007-12-27 14:51 . 2006-09-27 17:46 348,160 --a------ C:\WINDOWS\system32\cdga.dll
2007-12-27 14:51 . 2006-07-08 04:07 114,688 --a------ C:\WINDOWS\system32\PropListCtrl.ocx
2007-12-27 14:51 . 2006-07-17 21:42 14,909 --a------ C:\WINDOWS\system32\A_reg.reg
2007-12-27 14:40 . 2007-12-27 14:59 <DIR> d-------- C:\ConverterOutput
2007-12-27 14:39 . 2007-12-27 14:39 <DIR> d-------- C:\Program Files\Cucusoft
2007-12-27 14:39 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-12-27 14:39 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2007-12-27 14:39 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-12-27 14:39 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-12-27 14:39 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-12-27 14:39 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-12-27 14:34 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-27 14:34 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-12-27 14:34 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-12-27 14:34 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2007-12-27 14:34 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-12-27 14:33 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-27 14:33 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-27 14:17 . 2007-12-27 14:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-27 14:13 . 2007-12-31 15:06 <DIR> d-------- C:\Program Files\TubeSucker
2007-12-27 13:38 . 2007-12-27 13:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Documents and Settings\An Tran\LimeWire Store Purchased
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Documents and Settings\An Tran\LimeWire Shared
2007-12-27 13:25 . 2007-12-31 14:23 <DIR> d-------- C:\Documents and Settings\An Tran\LimeWire Saved
2007-12-27 12:35 . 2007-12-29 16:25 <DIR> d-------- C:\Program Files\DNA
2007-12-27 12:35 . 2008-01-01 16:29 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\DNA
2007-12-27 12:35 . 2007-12-28 22:23 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\BitTorrent
2007-12-23 11:53 . 2007-12-31 15:06 <DIR> d-------- C:\Program Files\SCAR 3.12
2007-12-15 13:02 . 2007-12-15 13:02 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\Apple Computer
2007-12-15 13:01 . 2007-12-17 22:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 13:01 . 2007-12-15 13:01 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-15 09:30 . 2007-12-15 09:30 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\MPEG Streamclip
2007-12-15 09:13 . 2007-12-15 09:13 <DIR> d-------- C:\Program Files\QuickTime
2007-12-15 09:13 . 2007-12-15 09:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-15 09:12 . 2007-12-15 09:12 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-15 09:12 . 2007-12-15 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 00:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 00:30 --------- d-----w C:\Program Files\Steam
2008-01-02 00:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 04:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 23:07 --------- d-----w C:\Program Files\DivX
2007-12-31 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-31 22:26 --------- d-----w C:\Documents and Settings\An Tran\Application Data\LimeWire
2007-12-31 19:05 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-31 02:22 --------- d-----w C:\Documents and Settings\An Tran\Application Data\vlc
2007-12-28 16:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-11 03:23 --------- d-----w C:\Program Files\Yahoo!
2007-12-11 03:23 --------- d-----w C:\Program Files\WinAce
2007-12-11 03:23 --------- d-----w C:\Program Files\SBC Self Support Tool
2007-12-02 01:32 --------- d-----w C:\Documents and Settings\An Tran\Application Data\Motive
2007-12-02 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-11-22 05:48 --------- d-----w C:\Program Files\AIM6
2007-11-22 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-22 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-04 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-03 00:18 --------- d-----w C:\Program Files\Java
2007-10-25 18:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-09-05 15:47 75,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-05 15:47 5,664 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-04-04 18:42 160832]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Steam"="c:\program files\steam\steam.exe" [2007-11-29 17:23 1266936]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2007-12-27 12:35 290112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 20:05 344064]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-09-09 16:36 3362816]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 15:12 32768]
"PCTVOICE"="pctspk.exe" [2003-02-24 14:35 163840 C:\WINDOWS\system32\pctspk.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28 684032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-12-31 15:56 4576768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 23:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\An Tran\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-10 19:17:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 00:15:54]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-12-31 20:49:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtqro]
tuvtqro.dll

R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2007-04-15 20:14]
R3 moufiltr;Chic Tech Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-02-10 13:03]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 22:36]
S3 iCheat1;iCheat1;C:\Documents and Settings\An Tran\Desktop\H4X\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\An Tran\Desktop\ms\IlvMoney1083.sys []
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 20:58]
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys [2003-07-17 12:58]
S3 sejt1;sejt1;C:\Documents and Settings\An Tran\Desktop\AkumaEngine\sejt.sys []
S3 spuce1;spuce1;C:\Documents and Settings\An Tran\Desktop\spruce\spuce.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 WPC54GSv2;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;C:\WINDOWS\system32\DRIVERS\WPC54GSv2.SYS [2006-11-30 23:54]
S3 xp1;xp1;C:\Documents and Settings\An Tran\Desktop\maplestory hacks\xp.sys []
S3 zenx1;zenx1;C:\Documents and Settings\An Tran\Desktop\ZenxEngine_LATEST\ZenxEngine_LATEST\zenx.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{29FCEE19-7D85-1F31-71F8-D7CC9111458D}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 21:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 16:31:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 16:33:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-02 00:33:23
.
2007-12-13 15:34:45 --- E O F ---
Attached Files
File Type: txt ComboFix.txt (16.4 KB, 0 views)
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 05:43 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:22 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s...SYSSCANNER.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...96/mcfscan.cab
O20 - Winlogon Notify: tuvtqro - tuvtqro.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 6306 bytes
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 05:47 PM   #10 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
here is the log file
Attached Files
File Type: txt hijackthis.txt (6.2 KB, 0 views)
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 05:55 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,723
OS: 2000 Pro; XP Pro; XP Home


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Be careful using torrents to get codes and game engines. They are often full of nasty surprises.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
Folder::
C:\Program Files\Spy Cleaner Gold
C:\VundoFix Backups
C:\Program Files\Enigma Software Group
C:\Documents and Settings\All Users\Application Data\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtqro]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{29FCEE19-7D85-1F31-71F8-D7CC9111458D}]
Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 06:16 PM   #12 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
ComboFix 08-01-02.1 - An Tran 2008-01-01 17:09:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.455 [GMT -8:00]
Running from: C:\Documents and Settings\An Tran\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\An Tran\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\ComparativeSearch.xml
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\Services_Registry2.xml
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\FileModifiedDate.dll
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\PhotoSharing.dll
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoview\wiaaut.dll
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\photoviewVista\core\HTMLFeature.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\ThemeTemplates\Default\Template.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\config.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\4760433B7D747FCA7BEE455A77F9590343FA497D.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\546AAF390A0A14DE68BED1B14740D9A414C847AD.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\cache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\history.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate-akamai.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate.mtz
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\ServicesRegistry.xml
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\vdt.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\Cache\cache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\HTMLFeature.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\Amazon\core\PersonalizationWrapper.dll
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\features\ThemeCustomizer\ThemeCustomizer.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\All Button States.isa
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_disabled.isa
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_down.isa
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_downover.isa
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_over.isa
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\button_up.isa
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\production\automationScripts\interface graphics.isa
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\Template.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Default\Theme.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\HTMLFeature.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\Amazon\core\PersonalizationWrapper.dll
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\features\ThemeCustomizer\ThemeCustomizer.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Template.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.8.0\ThemesV3\Windows\Theme.ini
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\AXList.txt
C:\Program Files\Enigma Software Group\SpyHunter\pgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\rgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log
C:\Program Files\Enigma Software Group\SpyHunter\support.log
C:\Program Files\Spy Cleaner Gold
C:\Program Files\Spy Cleaner Gold\ActionLog.txt
C:\Program Files\Spy Cleaner Gold\BHOList.spw
C:\Program Files\Spy Cleaner Gold\Exclude.spw
C:\Program Files\Spy Cleaner Gold\settings.ini
C:\Program Files\Spy Cleaner Gold\Startup.spw
C:\VundoFix Backups

.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2008-01-01 16:40 . 2008-01-01 16:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-01 16:40 . 2008-01-01 16:41 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\AVG7
2008-01-01 16:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:23 . 2008-01-01 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-01 13:25 . 2008-01-01 13:25 <DIR> d-------- C:\Deckard
2008-01-01 13:21 . 2008-01-01 13:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-01 00:44 . 2008-01-01 00:44 850 --a------ C:\Documents and Settings\An Tran\FileName.vbs
2008-01-01 00:43 . 2008-01-01 00:55 <DIR> d-------- C:\Program Files\RegScrubXP
2007-12-31 20:50 . 2007-12-31 20:50 <DIR> d-------- C:\Program Files\Common Files\Funk Software
2007-12-31 20:49 . 2004-12-17 13:52 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2007-12-31 20:49 . 2004-12-17 13:52 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2007-12-31 19:01 . 2007-12-31 19:01 103 --a------ C:\WINDOWS\wininit.ini
2007-12-31 18:01 . 2007-12-31 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-31 17:52 . 2007-12-31 21:33 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-31 15:56 . 2007-12-31 17:37 <DIR> d-------- C:\Program Files\DAP
2007-12-31 15:56 . 2007-12-31 15:56 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2007-12-31 15:56 . 2007-12-31 15:56 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2007-12-31 15:56 . 2007-12-31 15:56 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-12-31 14:31 . 2007-12-31 17:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 14:31 . 2007-12-31 17:43 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\SUPERAntiSpyware.com
2007-12-31 14:26 . 2007-12-31 14:26 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-31 14:25 . 2007-12-31 14:25 <DIR> d-------- C:\Program Files\kernel
2007-12-31 13:56 . 2007-12-31 14:08 38 --a------ C:\WINDOWS\avisplitter.INI
2007-12-31 13:21 . 2007-12-31 13:21 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-12-31 12:41 . 2007-12-31 14:36 <DIR> d-------- C:\Program Files\McAfee
2007-12-31 12:41 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2007-12-31 01:03 . 2007-12-31 15:32 <DIR> d-------- C:\Program Files\FlashGet
2007-12-31 01:03 . 2007-12-28 15:04 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-31 00:35 . 2007-12-31 00:35 <DIR> d-------- C:\Program Files\uTorrent
2007-12-31 00:35 . 2007-12-31 14:01 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\uTorrent
2007-12-30 18:56 . 2007-12-30 18:56 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\DivX
2007-12-30 18:45 . 2007-12-30 19:31 <DIR> d-------- C:\divx
2007-12-30 18:20 . 2007-12-30 18:55 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-30 17:09 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-12-30 10:18 . 2007-12-30 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-30 09:52 . 2007-12-30 09:53 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\PrevxCSI
2007-12-30 09:52 . 2007-12-30 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-29 21:52 . 2007-12-29 21:52 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-29 21:22 . 2007-12-30 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-29 21:17 . 2007-12-30 10:36 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-29 19:39 . 2007-12-29 20:59 5,464,604 --a------ C:\WINDOWS\system32\SBSP.dat
2007-12-29 19:31 . 2007-12-29 20:59 459 --a------ C:\WINDOWS\system32\SBFC.dat
2007-12-29 19:12 . 2007-12-29 19:12 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\Sunbelt Software
2007-12-29 18:51 . 2007-12-29 18:51 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\True Sword
2007-12-29 12:39 . 2007-12-29 12:39 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-29 11:58 . 2007-12-29 18:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2007-12-29 11:41 . 2007-12-29 16:06 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-12-29 10:16 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-29 10:12 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\pilvondljxwl.sys
2007-12-29 09:46 . 2007-12-29 16:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-29 09:46 . 2007-12-29 16:27 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-29 02:09 . 2007-12-29 11:31 <DIR> d-------- C:\Documents and Settings\An Tran\.housecall6.6
2007-12-29 00:34 . 2007-12-29 01:39 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-28 22:29 . 2007-12-28 22:29 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-12-28 22:28 . 2007-12-28 22:32 <DIR> d-------- C:\Program Files\Dealio
2007-12-28 22:27 . 2007-12-28 22:27 2 --a------ C:\-2073593180
2007-12-28 15:04 . 2007-12-28 15:04 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-28 10:36 . 2008-01-01 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-28 09:46 . 2007-12-28 09:46 <DIR> d-------- C:\Program Files\ImTOO
2007-12-28 08:39 . 2007-12-28 08:39 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-12-27 19:39 . 2007-12-27 19:39 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-12-27 14:51 . 2004-01-16 15:50 516,096 --a------ C:\WINDOWS\system32\CLVSD.ax
2007-12-27 14:51 . 2007-03-26 16:41 364,544 --a------ C:\WINDOWS\system32\cdg.dll
2007-12-27 14:51 . 2006-09-27 17:46 348,160 --a------ C:\WINDOWS\system32\cdga.dll
2007-12-27 14:51 . 2006-07-08 04:07 114,688 --a------ C:\WINDOWS\system32\PropListCtrl.ocx
2007-12-27 14:51 . 2006-07-17 21:42 14,909 --a------ C:\WINDOWS\system32\A_reg.reg
2007-12-27 14:40 . 2007-12-27 14:59 <DIR> d-------- C:\ConverterOutput
2007-12-27 14:39 . 2007-12-27 14:39 <DIR> d-------- C:\Program Files\Cucusoft
2007-12-27 14:39 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-12-27 14:39 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2007-12-27 14:39 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-12-27 14:39 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-12-27 14:39 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-12-27 14:39 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-12-27 14:34 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-27 14:34 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-12-27 14:34 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-12-27 14:34 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2007-12-27 14:34 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-12-27 14:33 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-27 14:33 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-27 14:17 . 2007-12-27 14:33 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-27 14:13 . 2007-12-31 15:06 <DIR> d-------- C:\Program Files\TubeSucker
2007-12-27 13:38 . 2007-12-27 13:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Documents and Settings\An Tran\LimeWire Store Purchased
2007-12-27 13:25 . 2007-12-27 13:25 <DIR> d-------- C:\Documents and Settings\An Tran\LimeWire Shared
2007-12-27 13:25 . 2007-12-31 14:23 <DIR> d-------- C:\Documents and Settings\An Tran\LimeWire Saved
2007-12-27 12:35 . 2007-12-29 16:25 <DIR> d-------- C:\Program Files\DNA
2007-12-27 12:35 . 2008-01-01 17:10 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\DNA
2007-12-27 12:35 . 2007-12-28 22:23 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\BitTorrent
2007-12-23 11:53 . 2007-12-31 15:06 <DIR> d-------- C:\Program Files\SCAR 3.12
2007-12-15 13:02 . 2007-12-15 13:02 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\Apple Computer
2007-12-15 13:01 . 2007-12-17 22:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 13:01 . 2007-12-15 13:01 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-15 09:30 . 2007-12-15 09:30 <DIR> d-------- C:\Documents and Settings\An Tran\Application Data\MPEG Streamclip
2007-12-15 09:13 . 2007-12-15 09:13 <DIR> d-------- C:\Program Files\QuickTime
2007-12-15 09:13 . 2007-12-15 09:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-15 09:12 . 2007-12-15 09:12 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-15 09:12 . 2007-12-15 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 01:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 00:30 --------- d-----w C:\Program Files\Steam
2008-01-02 00:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 04:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 23:07 --------- d-----w C:\Program Files\DivX
2007-12-31 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-31 22:26 --------- d-----w C:\Documents and Settings\An Tran\Application Data\LimeWire
2007-12-31 19:05 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-31 02:22 --------- d-----w C:\Documents and Settings\An Tran\Application Data\vlc
2007-12-29 06:27 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-28 16:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-11 03:23 --------- d-----w C:\Program Files\Yahoo!
2007-12-11 03:23 --------- d-----w C:\Program Files\WinAce
2007-12-11 03:23 --------- d-----w C:\Program Files\SBC Self Support Tool
2007-12-02 01:32 --------- d-----w C:\Documents and Settings\An Tran\Application Data\Motive
2007-12-02 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-22 05:48 --------- d-----w C:\Program Files\AIM6
2007-11-22 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-04 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-03 00:18 --------- d-----w C:\Program Files\Java
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 18:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-22 11:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 11:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-12 23:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 23:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 17:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-05 15:47 75,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-05 15:47 5,664 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_16.33.09.74 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 00:40:13 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-01-02 00:40:17 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-01-02 00:40:18 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-01-02 00:40:20 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-01-02 00:40:19 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-01-02 00:40:19 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-04-04 18:42 160832]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Steam"="c:\program files\steam\steam.exe" [2007-11-29 17:23 1266936]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2007-12-27 12:35 290112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 20:05 344064]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-09-09 16:36 3362816]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 15:12 32768]
"PCTVOICE"="pctspk.exe" [2003-02-24 14:35 163840 C:\WINDOWS\system32\pctspk.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28 684032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-12-31 15:56 4576768]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-01 16:39 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-01 16:40 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 23:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\An Tran\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-10 19:17:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 00:15:54]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-12-31 20:49:36]

R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2007-04-15 20:14]
R3 moufiltr;Chic Tech Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-02-10 13:03]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 22:36]
S3 iCheat1;iCheat1;C:\Documents and Settings\An Tran\Desktop\H4X\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\An Tran\Desktop\ms\IlvMoney1083.sys []
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 20:58]
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys [2003-07-17 12:58]
S3 sejt1;sejt1;C:\Documents and Settings\An Tran\Desktop\AkumaEngine\sejt.sys []
S3 spuce1;spuce1;C:\Documents and Settings\An Tran\Desktop\spruce\spuce.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 WPC54GSv2;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;C:\WINDOWS\system32\DRIVERS\WPC54GSv2.SYS [2006-11-30 23:54]
S3 xp1;xp1;C:\Documents and Settings\An Tran\Desktop\maplestory hacks\xp.sys []
S3 zenx1;zenx1;C:\Documents and Settings\An Tran\Desktop\ZenxEngine_LATEST\ZenxEngine_LATEST\zenx.sys []

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGEMS
*Newly Created Service* - AVGTDI
.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 21:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 17:11:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 17:12:19
ComboFix-quarantined-files.txt 2008-01-02 01:11:50
ComboFix2.txt 2008-01-02 00:33:38
.
2007-12-13 15:34:45 --- E O F ---
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 07:51 PM   #13 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 01, 2008 6:51:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/01/2008
Kaspersky Anti-Virus database records: 501268
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 42622
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:50:24

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080101133109\backup\DOCUME~1\ANTRAN~1\LOCALS~1\Temp\tmpB1.tmp.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\Deckard\System Scanner\20080101133109\backup\DOCUME~1\ANTRAN~1\LOCALS~1\Temp\tmpB1.tmp.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\Deckard\System Scanner\20080101133109\backup\DOCUME~1\ANTRAN~1\LOCALS~1\Temp\tmpB1.tmp.exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_INSPIRON.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_INSPIRON.log Object is locked skipped
C:\Documents and Settings\An Tran\Application Data\Mozilla\Firefox\Profiles\2ec7uvln.default\cert8.db Object is locked skipped
C:\Documents and Settings\An Tran\Application Data\Mozilla\Firefox\Profiles\2ec7uvln.default\history.dat Object is locked skipped
C:\Documents and Settings\An Tran\Application Data\Mozilla\Firefox\Profiles\2ec7uvln.default\key3.db Object is locked skipped
C:\Documents and Settings\An Tran\Application Data\Mozilla\Firefox\Profiles\2ec7uvln.default\parent.lock Object is locked skipped
C:\Documents and Settings\An Tran\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\An Tran\Desktop\An stuff\regtools.vbs Infected: Trojan.VBS.DisReg.a skipped
C:\Documents and Settings\An Tran\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ec7uvln.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ec7uvln.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ec7uvln.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ec7uvln.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\History\History.IE5\MSHist012008010120080102\index.dat Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\Temp\NAILogs\UpdaterUI_INSPIRON.log Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\An Tran\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\An Tran\ntuser.dat Object is locked skipped
C:\Documents and Settings\An Tran\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DAP\History\An Tran\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\Log\DAP_REPORT.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Helper\superfindout.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.rh skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6D24F754-7F2D-4CA8-816A-7F424023CF34}\RP5\A0000178.dll Infected: not-a-virus:AdWare.Win32.BHO.rh skipped
C:\System Volume Information\_restore{6D24F754-7F2D-4CA8-816A-7F424023CF34}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 07:56 PM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,723
OS: 2000 Pro; XP Pro; XP Home


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Is this something you've knowingly downloaded?

C:\Documents and Settings\An Tran\Desktop\An stuff\regtools.vbs

From Doug Knox's site, perhaps?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 08:31 PM   #15 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Yea, how did you know? My regedit was blocked and I couldn't use it. So I think i ue this tool to get it back I don't remember.
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 08:33 PM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,723
OS: 2000 Pro; XP Pro; XP Home


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
LOL, it's my job to know.

That's fine then...you're all but done here.

The other finds by Kaspersky will be addressed by uninstalling ComboFix in the manner proscribed below:

Your logs appear clean.You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 09:19 PM   #17 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: win xp service pack 2


Re: Spyware keeps on coming back also can't shutdown from the start menu it's not sho
Thank You!!!
dangs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 03:31 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85