#1 - 12-29-2007, 09:43 PM - fin1983 (Registered User; Join Date: Dec 2007; Posts: 15; OS: Vista)

Can you help me please?

My computer has been acting kind of weird lately: dropping key strokes, windows randomly opening and closing. Earlier I tried to do a netstat so I could check a connection to a computer on my home network and it came out as ^N^E^T^T^A^T. Kinda worried I might have gotten something nasty.
Logfile of HijackThis v1.99.1
Scan saved at 10:58:22 PM, on 12/29/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8BNM6ME\dss[1].exe
C:\PROGRA~1\HIJACK~1\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Lock My PC] C:\Program Files\LMPC3\lockpc.exe /s
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PalTalk.lnk.disabled
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


Thank you in advance for any help you might be able to provide.
Sorry, Panda scan does not support Vista, or I went to the wrong place.
Attached Files: extra.txt (27.4 KB)

Last edited by fin1983; 12-29-2007 at 10:01 PM. Reason: Forgot to attach extra.txt

#2 - 01-01-2008, 04:49 PM - fin1983 (Registered User; Join Date: Dec 2007; Posts: 15; OS: Vista)

Re: Can you help me please?

Just a bump
#3 - 01-07-2008, 07:30 PM - fin1983 (Registered User; Join Date: Dec 2007; Posts: 15; OS: Vista)

Re: Can you help me please?

Bump...
Am I looking clean?
#4 - 01-07-2008, 09:14 PM - Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 26,938; OS: WinXP and Vista)

Re: Can you help me please?

Hello fin1983 and welcome to TSF,

You're using an outdated version of HijackThis, and with this being a Vista system it's especially critical that you scan with the newest version.

Uninstall HijackThis 1.99.1 via the Add/Remove programs, then please download HijackThis 2.02 to your desktop.

Alternate link

Double-click on the file you just downloaded.
Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you. Close it--do not run a scan with it.

-------------------------------------------------

Now please run a new scan with dss.exe and post the main.txt in your next reply. No need to attach it, simply copy/paste the report directly into the reply box.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
#5 - 01-07-2008, 11:38 PM - fin1983 (Registered User; Join Date: Dec 2007; Posts: 15; OS: Vista)

Re: Can you help me please?

Sorry about not having the updated version; I should have checked that. Thank you. Here is the new log file.


Deckard's System Scanner v20071014.68
Run by Jason on 2008-01-08 00:34:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:19 AM, on 1/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Users\Jason\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Lock My PC] C:\Program Files\LMPC3\lockpc.exe /s
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PalTalk.lnk.disabled
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10978 bytes

-- Files created between 2007-12-08 and 2008-01-08 -----------------------------

2008-01-08 00:30:02 0 d-------- C:\Program Files\Trend Micro
2008-01-02 14:42:31 0 d-------- C:\Program Files\GCFScape
2008-01-02 0046 0 d-------- C:\Program Files\Valve Hammer Editor
2008-01-01 17:31:40 0 d-------- C:\Program Files\SystemRequirementsLab
2007-12-31 18:36:56 0 d-------- C:\Program Files\SpywareBlaster
2007-12-30 20:13:07 0 d-------- C:\Users\All Users\CheckPoint
2007-12-30 20:11:42 0 d-------- C:\Windows\Internet Logs
2007-12-30 10:24:33 0 d-------- C:\Users\All Users\PCPitstop
2007-12-29 21:58:10 0 d-------- C:\Users\All Users\LogiShrd
2007-12-29 21:55:29 0 d-------- C:\Program Files\Common Files\Logishrd
2007-12-26 16:01:18 0 d-------- C:\Program Files\iTunes
2007-12-26 15:57:20 0 d-------- C:\Program Files\Apple Software Update
2007-12-26 15:56:41 0 d-------- C:\Program Files\Common Files\Apple
2007-12-26 15:56:40 0 d-------- C:\Users\All Users\Apple
2007-12-24 17:37:37 0 d-------- C:\Program Files\Common Files\Ahead
2007-12-24 16:47:07 0 d-------- C:\Users\All Users\Roxio
2007-12-24 16:47:05 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-12-23 00:09:17 0 d-------- C:\Program Files\Eternal Lands
2007-12-22 20:08:51 1149440 --a------ C:\Windows\themecpl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-22 20:07:03 122880 --a------ C:\Windows\system32\DreamScene.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-20 22:44:34 0 d-------- C:\Windows\BBSTORE
2007-12-20 22:44:08 0 d-------- C:\Program Files\Riven DVD
2007-12-20 22:43:57 298496 --a------ C:\Windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-12-20 09:52:48 0 d-------- C:\Program Files\Microsoft SQL Server
2007-12-20 09:49:04 0 d-------- C:\Program Files\Microsoft Synchronization Services
2007-12-20 09:49:04 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-20 09:45:52 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2007-12-20 09:45:35 0 d-------- C:\Program Files\Microsoft SDKs
2007-12-19 20:05:06 0 d-------- C:\Program Files\Paltalk Messenger Interop
2007-12-19 20:03:46 0 d-------- C:\Windows\PaltalkScene
2007-12-19 20:03:46 0 d-------- C:\Program Files\Paltalk Messenger
2007-12-19 19:24:52 0 d-------- C:\Program Files\Microsoft Silverlight
2007-12-18 02:31:29 161 --a------ C:\Users\Jason\anti.reg
2007-12-17 22:05:09 0 d-------- C:\Program Files\AusLogics Disk Defrag
2007-12-17 20:47:30 0 d-------- C:\Program Files\MudMagic
2007-12-17 19:20:44 0 d-------- C:\Program Files\IObit
2007-12-16 20:57:39 17797 --a------ C:\Windows\War3Unin.dat
2007-12-16 20:57:38 2829 --a------ C:\Windows\War3Unin.pif
2007-12-16 20:57:38 126976 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-12-16 20:55:29 0 d-------- C:\Program Files\Warcraft III
2007-12-13 23:41:47 0 d-------- C:\Users\All Users\Stardock
2007-12-12 15:17:27 0 d-------- C:\Program Files\DAEMON Tools Pro
2007-12-12 14:27:26 0 d-------- C:\Users\All Users\DAEMON Tools Pro
2007-12-12 14:26:03 715248 --a------ C:\Windows\system32\drivers\sptd.sys
2007-12-12 13:43:16 0 d-------- C:\Program Files\The Witcher
2007-12-11 15:05:03 0 d-------- C:\Program Files\StepMania
2007-12-11 13:46:02 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-12-11 13:44:28 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-11 13:44:28 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-11 13:44:18 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-11 13:44:18 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 13:44:18 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 13:44:18 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 13:43:44 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-12-10 16:35:45 0 d-------- C:\Users\Jason\dog


-- Find3M Report ---------------------------------------------------------------

2008-01-05 19:10:16 0 d-------- C:\Users\Jason\AppData\Roaming\uTorrent
2008-01-04 15:01:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-04 15:00:00 0 d-------- C:\Program Files\Norton Security Scan
2008-01-01 18:29:01 0 d-------- C:\Program Files\Common Files\Steam
2008-01-01 18:28:57 0 d-------- C:\Program Files\Steam
2008-01-01 18:27:26 0 d-------- C:\Program Files\VideoLAN
2008-01-01 18:25:41 0 d-------- C:\Program Files\Mgutil
2008-01-01 18:24:50 0 d-------- C:\Program Files\Google
2008-01-01 18:21:38 0 d-------- C:\Program Files\AviSynth 2.5
2008-01-01 18:20:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 20:52:28 0 d-------- C:\Users\Jason\AppData\Roaming\.mudmagic
2007-12-30 16:47:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-29 21:56:04 0 d-------- C:\Program Files\Common Files\Logitech
2007-12-29 21:55:29 0 d-------- C:\Program Files\Common Files
2007-12-29 21:55:25 0 d-------- C:\Users\Jason\AppData\Roaming\InstallShield
2007-12-26 23:46:38 0 --a------ C:\Users\Jason\AppData\Roaming\wklnhst.dat
2007-12-26 23:46:38 0 d-------- C:\Users\Jason\AppData\Roaming\Template
2007-12-26 16:01:20 0 d-------- C:\Program Files\iPod
2007-12-26 15:59:50 0 d-------- C:\Program Files\QuickTime
2007-12-26 15:31:23 0 d-------- C:\Users\Jason\AppData\Roaming\Ahead
2007-12-24 17:20:53 0 d-------- C:\Users\Jason\AppData\Roaming\Roxio
2007-12-24 16:48:08 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-12-24 16:48:06 0 d-------- C:\Program Files\Roxio
2007-12-24 16:48:06 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-24 13:42:53 0 d-------- C:\Program Files\Nero
2007-12-23 17:33:39 0 d-------- C:\Users\Jason\AppData\Roaming\Google
2007-12-22 00:32:53 0 d-------- C:\Users\Jason\AppData\Roaming\vlc
2007-12-20 09:57:19 0 d-------- C:\Program Files\Microsoft.NET
2007-12-19 20:22:22 0 d-------- C:\Users\Jason\AppData\Roaming\.gaim
2007-12-19 20:04:50 0 d-------- C:\Users\Jason\AppData\Roaming\Paltalk
2007-12-18 09:12:21 0 d-------- C:\Users\Jason\AppData\Roaming\Nero8
2007-12-18 02:05:35 0 d-------- C:\Program Files\DivX
2007-12-17 22:05:12 0 d-------- C:\Users\Jason\AppData\Roaming\Auslogics
2007-12-17 22:03:21 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-17 15:17:41 0 d-------- C:\Users\Jason\AppData\Roaming\LimeWire
2007-12-12 15:19:22 0 d-------- C:\Users\Jason\AppData\Roaming\DAEMON Tools Pro
2007-12-08 00:14:26 0 d-------- C:\Program Files\VEMoDe 1.0b
2007-12-07 23:50:36 57344 --a------ C:\Windows\SSEUninstaller.exe <Not Verified; ; SSE Setup Uninstall Module by Chris Long 2004-2006. Freeware for non-commercial use.>
2007-12-07 23:50:31 32768 --a------ C:\Windows\system32\ShellLnkSSE.dll <Not Verified; ; pShellLink>
2007-12-07 23:50:31 44544 --a------ C:\Windows\system32\Gif89.dll <Not Verified; ; Gif89 Module>
2007-12-07 23:38:40 0 d-------- C:\Users\Jason\AppData\Roaming\Apple Computer
2007-12-04 23:57:34 0 d-------- C:\Users\Jason\AppData\Roaming\Mozilla
2007-12-04 15:36:58 0 d-------- C:\Program Files\Trillian
2007-12-03 23:09:53 0 d-------- C:\Program Files\GameSpy
2007-12-03 20:03:36 0 d-------- C:\Users\Jason\AppData\Roaming\InstallShield Installation Information
2007-12-03 19:47:02 0 d-------- C:\Program Files\Unreal Tournament 3
2007-12-03 18:34:30 0 d-------- C:\Users\Jason\AppData\Roaming\Adobe
2007-11-30 17:53:45 0 d-------- C:\Users\Jason\AppData\Roaming\yahoo!
2007-11-30 13:39:27 0 d-------- C:\Users\Jason\AppData\Roaming\Ventrilo
2007-11-30 13:39:11 0 d-------- C:\Program Files\Ventrilo
2007-11-30 13:10:15 0 d-------- C:\Program Files\LMPC3
2007-11-29 16:50:20 4096 --a------ C:\Windows\system32\sysres.dll
2007-11-29 16:50:20 38567 --a------ C:\Windows\system32\pcpbios.exe
2007-11-27 16:40:18 0 d-------- C:\Program Files\Activision
2007-11-27 16:13:50 0 d-------- C:\Program Files\TweakVI
2007-11-25 18:18:22 0 d-------- C:\Program Files\AskPBar
2007-11-22 23:16:12 0 d-------- C:\Program Files\LcdStudio
2007-11-22 23:15:50 0 d-------- C:\Program Files\Miranda IM
2007-11-22 23:14:50 0 d-------- C:\Program Files\Yahoo!
2007-11-22 2318 0 d-------- C:\Users\Jason\AppData\Roaming\Hamachi
2007-11-22 2122 0 d-------- C:\Program Files\Hamachi
2007-11-22 15:08:49 0 d-------- C:\Users\Jason\AppData\Roaming\Real
2007-11-22 15:00:25 0 d-------- C:\Users\Jason\AppData\Roaming\Nero
2007-11-22 12:14:38 0 d-------- C:\Program Files\Starcraft
2007-11-22 00:38:29 34898 --a------ C:\Windows\scunin.dat
2007-11-22 00:38:27 967 --a------ C:\Windows\ScUnin.pif
2007-11-22 00:38:27 70656 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-11-21 23:42:14 0 d-------- C:\Users\Jason\AppData\Roaming\Miranda
2007-11-21 09:46:36 0 d-------- C:\Program Files\Common Files\Microsoft Games
2007-11-21 0918 0 d-------- C:\Program Files\Microsoft Games
2007-11-20 19:17:16 0 d-------- C:\Users\Jason\AppData\Roaming\DivX
2007-11-19 22:32:58 0 d-------- C:\Program Files\DivoCodec
2007-11-19 22:30:08 0 d-------- C:\Program Files\VistaCodecPack
2007-11-18 00:31:26 0 d-------- C:\Users\Jason\AppData\Roaming\Winamp
2007-11-17 23:53:12 0 d-------- C:\Program Files\MediaMonkey
2007-11-17 21:16:25 0 d-------- C:\Program Files\Winamp
2007-11-15 20:03:34 4190208 --a------ C:\Bear.exe
2007-11-15 20:01:19 0 d-------- C:\Program Files\NCH Software
2007-11-14 03:00:56 0 d-------- C:\Program Files\Windows Mail
2007-11-13 14:30:20 7680 --a------ C:\Windows\system32\ff_vfw.dll
2007-11-12 10:43:32 0 d-------- C:\Program Files\PowerISO
2007-11-02 10:13:01 116119 --a------ C:\Windows\hpoins12.dat
2007-10-28 22:30:18 0 -rahs---- C:\MSDOS.SYS
2007-10-28 22:30:18 0 -rahs---- C:\IO.SYS
2007-10-28 22:30:12 12194 --a------ C:\Users\Jason\AppData\Roaming\PStrip.ini
2007-10-28 21:38:12 10931 --a------ C:\Users\Jason\AppData\Roaming\PStrip.bak
2007-10-28 21:10:09 11766 --a------ C:\Users\Jason\AppData\Roaming\PStrip.bk!
2007-10-28 20:10:45 10931 --a------ C:\Users\Jason\AppData\Roaming\PStrip.bko
2007-10-28 16:43:37 262144 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-10-28 16:43:36 86016 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-10-27 04:28:06 174 --ahs---- C:\Program Files\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/27/2007 04:13 AM]
"KBD"="C:\HP\KBD\KbdStub.EXE" [12/08/2006 10:16 AM]
"RtHDVCpl"="RtHDVCpl.exe" [10/25/2007 05:52 AM C:\WINDOWS\RtHDVCpl.exe]
"@"="" []
"SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [03/02/2007 04:55 PM]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [04/26/2007 05:54 PM]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [04/26/2007 06:22 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\WINDOWS\KHALMNPR.Exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [10/26/2007 08:50 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [10/09/2007 11:28 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"Lock My PC"="C:\Program Files\LMPC3\lockpc.exe" [07/13/2006 12:02 AM]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 01:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [11/02/2006 06:35 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"PC Pitstop Optimize2 Reminder"="C:\Program Files\PCPitstop\Optimize2\Reminder.exe" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12/11/2007 05:06 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/11/2007 05:06 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/11/2007 05:06 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 06:35 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [07/03/2007 01:32 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:36 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 03:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/29/2007 9:55:56 PM]
PalTalk.lnk.disabled [12/19/2007 8:03:50 PM]
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [3/2/2007 4:55:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"=0 (0x0)
"DisableLocalMachineRunOnce"=0 (0x0)
"DisableCurrentUserRun"=0 (0x0)
"DisableCurrentUserRunOnce"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"UseDefaultTile"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoStartMenuPinnedList"=1 (0x1)
"NoStartMenuMFUprogramsList"=1 (0x1)
"StartMenuLogOff"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"StartMenuFavorites"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
"BySoft FreeRAM"=C:\Program Files\FinitySoft Memory Manger\MemoryManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
applet\command- F:\autorun\autorun.exe /s
AutoRun\command- F:\autorun\autorun.exe
directx\command- F:\dxsetup\dxinst.exe
ereg\command- F:\ereg\ereg32.exe
install\command- F:\setup.exe
installdemo\command- F:\j3setup\is_setup.exe
qtim\command- F:\qtwsetup\setup.exe
readfile\command- Notepad Readme.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\setup.hta


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-08 00:35:05 ------------
Old 01-08-2008, 07:27 AM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,938
OS: WinXP and Vista


Re: Can you help me please?

Thank you, fin1983.

I'm not seeing any malware here. What is this file? Did you create this: C:\Users\Jason\anti.reg

Let's see if an online scan reveals anything. Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
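Two log formats carry the evidence in this thread: the autostart entries and mountpoints2 verbs in the Deckard's System Scanner "Registry Dump" above, and the Kaspersky Online Scanner report that fin1983 posts in the next reply. The script below is an added example written for this thread; it is not code from the original posts, from Deckard's System Scanner or from Kaspersky. The triage rules and flag names are this example's own choices, and the sample inputs are a few lines copied from the logs in this thread.

```python
"""Triage helpers for the two log formats in this thread.

Added example, not code from the original posts, from Deckard's System
Scanner or from Kaspersky. The rules and flag names are this example's own.
The sample inputs are a few lines copied from the logs in this thread.
"""
from __future__ import annotations

import re
from collections import Counter

# DSS Registry Dump autostart line:  "Name"="C:\path\file.exe" [stamp]
# The bracket holds the file's timestamp; DSS leaves it empty when the file
# is not found, and appends the resolved path when the value is a bare name.
RUN_LINE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
# DSS mountpoints2 verb line:  AutoRun\command- <command line>
MOUNT_LINE = re.compile(r'^(?P<verb>\w+)\\command-\s+(?P<cmd>.+)$')
# Kaspersky Online Scanner result lines
KAV_INFECTED = re.compile(r'^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<action>\w+)$')
KAV_LOCKED = re.compile(r'^(?P<path>.+?)\s+Object is locked\s+skipped$')


def triage_run_entries(dump: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for autostart entries worth a second look."""
    flagged: list[tuple[str, str]] = []
    section = ""
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            section = line.lower()
            continue
        if "mountpoints2" in section:
            # Key name ends in the drive letter; a command that points back at
            # that drive is an autorun hook that runs when the drive is opened.
            m = MOUNT_LINE.match(line)
            if m:
                drive = section.rsplit("\\", 1)[-1].rstrip("]").upper()
                if f"{drive}:\\" in m.group("cmd").upper():
                    flagged.append(("autorun hook on removable drive", line))
            continue
        m = RUN_LINE.match(line)
        if not m:
            continue
        if not m.group("value") or not m.group("stamp"):
            flagged.append(("target file missing or empty", line))
        elif "\\" not in m.group("value"):
            # No directory: Windows searches the PATH, so a same-named file
            # earlier on the PATH would be what actually runs at logon.
            flagged.append(("bare file name resolved via PATH", line))
    return flagged


def summarize_kaspersky(report: str) -> dict:
    """Split scanner results into detections and files it merely could not read.

    'Object is locked' means the file was open for exclusive use (registry
    hives, event logs, index.dat); it is not a detection. 'not-a-virus:'
    verdicts are adware/riskware and are kept apart from real malware hits.
    """
    out: dict = {"locked": 0, "infected": [], "riskware": [], "by_verdict": Counter()}
    for raw in report.splitlines():
        line = raw.strip()
        if KAV_LOCKED.match(line):
            out["locked"] += 1
            continue
        m = KAV_INFECTED.match(line)
        if not m:
            continue
        verdict = m.group("verdict")
        out["by_verdict"][verdict] += 1
        bucket = "riskware" if verdict.startswith("not-a-virus:") else "infected"
        out[bucket].append(m.group("path"))
    return out


# Constructed samples: lines taken from the two logs in this thread.
REGISTRY_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/27/2007 04:13 AM]
"RtHDVCpl"="RtHDVCpl.exe" [10/25/2007 05:52 AM C:\WINDOWS\RtHDVCpl.exe]
"@"="" []
"PC Pitstop Optimize2 Reminder"="C:\Program Files\PCPitstop\Optimize2\Reminder.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\setup.hta
readfile\command- Notepad Readme.txt
"""

KAV_REPORT = r"""
C:\Deckard\System Scanner\20080108003415\backup\Users\Jason\AppData\Local\Temp\NERO13390\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\WINDOWS\System32\config\SAM Object is locked skipped
C:\Users\Jason\Shared\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Users\Jason\Shared\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
"""

if __name__ == "__main__":
    for reason, line in triage_run_entries(REGISTRY_DUMP):
        print(f"[{reason}] {line}")
    summary = summarize_kaspersky(KAV_REPORT)
    print(f"locked/skipped: {summary['locked']}, riskware: {len(summary['riskware'])}, "
          f"infected: {len(summary['infected'])}, verdicts: {dict(summary['by_verdict'])}")
```

Run against the full logs, the first function picks out the dead `"@"=""` and PC Pitstop entries, the PATH-resolved `RtHDVCpl.exe` and `KHALMNPR.EXE`, and the `M:\setup.hta` hook launched through `ShellExec_RunDLL`; the second reduces the long Kaspersky list to its two real verdict groups. Of those, the "Object is locked" lines are noise (registry hives, event logs and index.dat files that were in use), the MyWebSearch toolbar sits in a DSS backup folder, and the Wimad hits are WMA files whose DRM header sends the player to a web "license" URL that serves an executable; they are only a threat when played.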
Old 01-08-2008, 04:51 PM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Vista


Re: Can you help me please?

Sorry about the wait, didn't think it would take 6 hrs to scan my computer lol... I appreciate the help. The anti.reg file is one I made because Norton's removal tool deleted a regkey Avira needed to auto-update and I needed it added back in. Here is my log from the scan you asked me to perform.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 08, 2008 5:43:12 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/01/2008
Kaspersky Anti-Virus database records: 504310
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
L:\

Scan Statistics:
Total number of scanned objects: 156683
Number of viruses found: 2
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 02:35:21

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080108003415\backup\Users\Jason\AppData\Local\Temp\NERO13390\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile00.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile01.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile02.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile03.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile04.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile05.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile06.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile07.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile08.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile09.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile10.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile11.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile12.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile13.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile14.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile15.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile16.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile17.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile18.sqm Object is locked skipped
C:\Deckard\System Scanner\20080108003415\backup\Windows\temp\fwtsqmfile19.sqm Object is locked skipped
C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
C:\ProgramData\Hewlett-Packard\HP Print Settings\HPmi4gbk.cfg Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0090295aa4d672c68f4122d8785a6e5c_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\039a0d0ad99b1e822549bac0ad4831df_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0686dffb2978ce4310397f8a2bdf49bf_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\251174a3a021159fc70168ef51bc2551_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2a1b14f3cc8965aac56ea0121f3fefa0_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\388122d2ec637c046b2e92aa5d0e28a1_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\45054057c7260f098f57d4ae27900607_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\49cdf8109aebf321fcfa077119b65540_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4b32c1f7d1c99a04f45ab86a59f6b468_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4f662b513b965095fa5407146e53ac34_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\504a622d9ecb69f5d988120ab29bbd36_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6351e8adfbee657031210158236e6f4b_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\70ef46ad113cabfac15ab5cb9cad080a_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7ce65634d70df304d8bd26a533d3a90f_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7e507a5a0685608c2b0f7630a6d2b308_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9471ab2779c60453316ad6feb0d5c1dc_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a8933efc74d59c36f508ac8ea11d2059_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\af31dfa018e1ded7bced88f20f624568_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b367fc9360f923056dac0bfd7fdb8bf0_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b48a7cf888d15c5579cd58cf9dee4560_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b549f5b17a2cc8c2eb9dfa2c18985197_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b78c4b2d828bdd3b0374f4e1c8b2cf2e_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c478b351e51a5f8e19a09578fd160858_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c6a4418fd8655131a2ee2be0db8aaea5_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c7709b30b69cd5d50a4e7981d89ff3a5_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c8a2865f94920b61c4d943b315a13aa8_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c98471418d83e118fd573e4c25b30e40_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d19e1804766e569ff47a8ca07e2db71b_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d7105ac4eba1f962267390754a8f78a1_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de395363f350fb3295d45bb7286e4f6e_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eead386c7e624f2e2b48e4c83d3bcbc6_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f3d69df1a7bbd1606a874108f5f254e4_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f97f81c74ac0e7ff9a9fda8f88a07e1d_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fac25991d0becf998be027bf361e12f4_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fd9a0a49ee381010691719a37e8cc761_b10ffbef-f9db-4016-b55e-efab8ced9c02 Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010820080109\index.dat Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008010820080109\index.dat Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\UsrClass.dat{2d9931ea-8417-11dc-a902-001bb987b4ed}.TM.blf Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\UsrClass.dat{2d9931ea-8417-11dc-a902-001bb987b4ed}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows\UsrClass.dat{2d9931ea-8417-11dc-a902-001bb987b4ed}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows Defender\FileTracker\{BAECE32D-344E-4D81-9107-7276846677EA} Object is locked skipped
C:\Users\Jason\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Jason\AppData\Local\Temp\logger.log Object is locked skipped
C:\Users\Jason\AppData\Local\Temp\Low\~DF4F1A.tmp Object is locked skipped
C:\Users\Jason\AppData\Local\Temp\Low\~DF4F23.tmp Object is locked skipped
C:\Users\Jason\AppData\Local\VirtualStore\Program Files\Yahoo!\Messenger\logs\billing_Jason.log Object is locked skipped
C:\Users\Jason\AppData\Local\VirtualStore\Program Files\Yahoo!\Messenger\logs\client_Jason.log Object is locked skipped
C:\Users\Jason\AppData\Local\VirtualStore\Program Files\Yahoo!\Messenger\logs\network_Jason.log Object is locked skipped
C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Jason\AppData\Roaming\Snapfish\Client\Log\detector.log Object is locked skipped
C:\Users\Jason\NTUSER.DAT Object is locked skipped
C:\Users\Jason\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Jason\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Jason\Shared\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Users\Jason\Shared\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Users\Jason\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Users\Jason\Shared\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Users\Jason\Shared\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Users\Jason\Shared\Top of Charts - 2005.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Users\Jason\Shared\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_2193085749_1572864_31922 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_2193085749_262144_2900 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBE4C3B.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBEBD94.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{2CB2082E-DE73-4ED8-9C66-94E3F2C6F67E}.TmpSBE Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{3CED4536-F03C-4872-B9E0-DB2211D3AD5F}.TmpSBE Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Debug\sam.log Object is locked skipped
C:\WINDOWS\Debug\WIA\wiatrace.log Object is locked skipped
C:\WINDOWS\Installer\MSI38CE.tmp Object is locked skipped
C:\WINDOWS\Logs\CBS\CBS.log Object is locked skipped
C:\WINDOWS\Logs\CBS\CBS.persist.log Object is locked skipped
C:\WINDOWS\Logs\DPX\setupact.log Object is locked skipped
C:\WINDOWS\Logs\DPX\setuperr.log Object is locked skipped
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\setupact.log Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\WINDOWS\security\database\secedit.sdb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\WINDOWS\System32\catroot2\edb.log Object is locked skipped
C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\System32\config\COMPONENTS Object is locked skipped
C:\WINDOWS\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\DEFAULT Object is locked skipped
C:\WINDOWS\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\SAM Object is locked skipped
C:\WINDOWS\System32\config\SAM.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\SAM.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\SECURITY Object is locked skipped
C:\WINDOWS\System32\config\SECURITY.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\SECURITY.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\SYSTEM Object is locked skipped
C:\WINDOWS\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\WINDOWS\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\System32\restore\MachineGuid.txt Object is locked skipped
C:\WINDOWS\System32\spool\SpoolerETW.etl Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\10A9EB2C94277C0A1A6143B54809F210.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\1EBE968EB7AF815A32641E6185350A9E.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\21D7529435092A1DD242FD6ACF494493.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\7BDE76979585395D59B5DA1D62E63C50.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\B8F066315788F9A2DF744CF3A9F7F3D6.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\WINDOWS\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\System.evtx Object is locked skipped
C:\WINDOWS\Tasks\HPCeeScheduleForJason.job Object is locked skipped
C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\$RECYCLE.BIN\Desktop.ini Object is locked skipped
D:\$RECYCLE.BIN\Protect.ed Object is locked skipped

Scan process completed.


Looks pretty nasty; a couple of .wma trojans. I'll not get rid of anything on my own though.
fin1983 is offline  
Old 01-08-2008, 10:31 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,938
OS: WinXP and Vista


Re: Can you help me please?

You're correct. Go right ahead and delete these:

C:\Users\Jason\Shared\01 Track 1.wma
C:\Users\Jason\Shared\03 Track 3.wma
C:\Users\Jason\Shared\06 Track 6.wma
C:\Users\Jason\Shared\07 Track 7.wma
C:\Users\Jason\Shared\Rare Recording.wma
C:\Users\Jason\Shared\Top of Charts - 2005.wma
C:\Users\Jason\Shared\TOTALLY HIP TRACK.wma

----------------------------------------

How is the system behaving? Any improvement?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 01-08-2008, 11:16 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Vista


Re: Can you help me please?

Whenever I try to type in the command prompt I still get the ^ before every letter; I've never seen that before in my life... Although it is not dropping keystrokes normally, and the windows quit randomly popping up with my last S&D update/scan. So it seems to be doing better; I'll just have to do some more research. Thank you for your time.
fin1983 is offline  
Old 01-08-2008, 11:28 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,938
OS: WinXP and Vista


Re: Can you help me please?

Quote:
the windows quit randomly popping up with my last S&D update/scan.
What did that scan remove? Could you post the log here please?
Ried is offline  
Old 01-09-2008, 03:21 PM   #11 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Vista


Re: Can you help me please?

Although I can see no reason that this particular one would have caused the issues with the windows opening and closing, it has subsided since the scan completed.

Log Attached

07.01.2007 11:13:07 - ##### check started #####
07.01.2007 11:13:07 - ### Version: 1.5
07.01.2007 11:13:07 - ### Date: 01/07/2008 11:13:07 AM
07.01.2007 11:13:08 - ##### checking bots #####
07.01.2007 11:19:49 - found: Microsoft.Windows.disableSystemRestore Settings
07.01.2007 11:27:00 - ##### check finished #####
fin1983 is offline  
Old 01-09-2008, 05:25 PM   #12 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Vista


Re: Can you help me please?

Thinking back to my DOS days, I thought the ^'s in my command prompt could come from keyloggers, so if you could please maybe look at this log and let me know if I should just do a hard drive wipe to get rid of the mess I seem to have gotten, or if there is some other option I might have.
fin1983 is offline  
Old 01-09-2008, 10:09 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,938
OS: WinXP and Vista


Re: Can you help me please?

Let's see if this tool ferrets anything out:

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you. Please post the C:\ComboFix.txt here for review.


Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Ried is offline  
Old 01-09-2008, 10:59 PM   #14 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Vista


Re: Can you help me please?

ComboFix 08-01-10.2 - Jason 2008-01-09 23:56:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1713 [GMT -6:00]
Running from: C:\Users\Jason\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-09 23:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 22:43 . 2008-01-09 22:43 <DIR> d-------- C:\Program Files\YPoolAimer-Trial
2008-01-09 22:40 . 2008-01-09 23:10 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-09 22:40 . 2008-01-09 22:40 <DIR> d-------- C:\Users\All Users\eSellerate
2008-01-09 22:40 . 2008-01-09 23:10 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-09 22:40 . 2008-01-09 22:40 <DIR> d-------- C:\ProgramData\eSellerate
2008-01-09 22:40 . 2008-01-09 23:08 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-01-09 09:41 . 2008-01-09 09:41 <DIR> d--h----- C:\WINDOWS\System32\CanonIJ Uninstaller Information
2008-01-09 09:41 . 2008-01-09 09:41 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-01-09 09:41 . 2008-01-09 09:41 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-01-09 09:40 . 2008-01-09 09:41 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-09 09:40 . 2008-01-09 09:40 <DIR> d--h----- C:\Program Files\CanonBJ
2008-01-09 09:40 . 2006-07-21 00:51 1,298,432 --a------ C:\WINDOWS\System32\CNCC160.DLL
2008-01-09 09:40 . 2006-09-13 14:00 197,632 --a------ C:\WINDOWS\System32\CNMLM83.DLL
2008-01-09 09:40 . 2006-05-26 19:54 135,168 --a------ C:\WINDOWS\System32\CNCL160.DLL
2008-01-09 09:40 . 2006-06-29 23:29 106,496 --a------ C:\WINDOWS\System32\cnco160.dll
2008-01-09 09:40 . 2006-07-21 00:51 57,344 --a------ C:\WINDOWS\System32\CNCI160.DLL
2008-01-08 23:09 . 2008-01-09 09:30 <DIR> d-------- C:\Users\Jason\AppData\Roaming\OpenOffice.org2
2008-01-08 23:07 . 2008-01-08 23:07 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-08 22:40 . 2008-01-08 22:40 <DIR> d-------- C:\Program Files\MagicDisc
2008-01-08 22:40 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\System32\drivers\mcdbus.sys
2008-01-08 22:39 . 2008-01-08 22:39 <DIR> d-------- C:\Program Files\MagicISO
2008-01-08 19:59 . 2008-01-08 19:59 <DIR> d-------- C:\Program Files\Azureus
2008-01-08 19:33 . 2008-01-08 19:33 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-01-08 19:33 . 2008-01-08 19:37 185 --a------ C:\WINDOWS\pdf2word.INI
2008-01-08 19:13 . 2008-01-08 19:13 <DIR> d-------- C:\Program Files\Foxit Software
2008-01-08 09:31 . 2008-01-09 21:07 <DIR> d-------- C:\Program Files\Cheat Engine
2008-01-08 09:31 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\System32\d3dx9.dll
2008-01-08 09:31 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\System32\D3DX81ab.dll
2008-01-08 08:45 . 2008-01-08 08:45 <DIR> d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-01-08 00:30 . 2008-01-08 00:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-02 00:06 . 2008-01-02 14:20 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2008-01-01 17:31 . 2008-01-01 17:31 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-12-31 21:26 . 2000-02-11 16:58 995,383 --a------ C:\WINDOWS\System32\temp.002
2007-12-31 21:26 . 2000-03-07 15:22 278,581 --a------ C:\WINDOWS\System32\temp.001
2007-12-31 21:26 . 1998-06-16 19:45 77,878 --a------ C:\WINDOWS\System32\temp.000
2007-12-31 18:45 . 2007-12-31 18:45 45 --a------ C:\WINDOWS\System32\initdebug.nfo
2007-12-31 18:36 . 2007-12-31 18:37 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-30 20:39 . 2007-07-02 15:02 3,073,320 --a------ C:\WINDOWS\System32\AdvrCntr2D6E0B790.dll
2007-12-30 20:13 . 2007-12-30 20:13 <DIR> d-------- C:\Users\All Users\CheckPoint
2007-12-30 20:13 . 2007-12-30 20:13 <DIR> d-------- C:\ProgramData\CheckPoint
2007-12-30 20:12 . 2007-12-30 20:12 803,840 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2007-12-30 20:12 . 2007-12-30 20:12 217,272 --a------ C:\WINDOWS\System32\drivers\netio.sys
2007-12-30 20:12 . 2007-12-30 20:12 167,424 --a------ C:\WINDOWS\System32\tcpipcfg.dll
2007-12-30 20:12 . 2007-12-30 20:12 22,016 --a------ C:\WINDOWS\System32\netiougc.exe
2007-12-30 20:11 . 2008-01-01 18:36 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-30 10:24 . 2007-12-30 10:24 <DIR> d-------- C:\Users\All Users\PCPitstop
2007-12-30 10:24 . 2007-12-30 10:24 <DIR> d-------- C:\ProgramData\PCPitstop
2007-12-29 22:54 . 2007-12-29 22:59 <DIR> d-------- C:\Deckard
2007-12-29 21:58 . 2007-12-29 21:58 <DIR> d-------- C:\Users\All Users\LogiShrd
2007-12-29 21:58 . 2007-12-29 21:58 <DIR> d-------- C:\ProgramData\LogiShrd
2007-12-29 21:55 . 2007-12-29 21:55 <DIR> d-------- C:\Users\Jason\AppData\Roaming\InstallShield
2007-12-29 21:55 . 2007-12-29 21:56 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2007-12-29 21:55 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\System32\BtCoreIf.dll
2007-12-27 12:59 . 2007-12-27 12:59 432 --a------ C:\log.udt
2007-12-26 23:46 . 2008-01-08 19:23 <DIR> d-------- C:\Users\Jason\AppData\Roaming\Template
2007-12-26 23:46 . 2008-01-08 19:38 80 --a------ C:\Users\Jason\AppData\Roaming\wklnhst.dat
2007-12-26 16:01 . 2007-12-26 16:01 <DIR> d-------- C:\Program Files\iTunes
2007-12-26 15:58 . 2007-12-29 21:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 15:58 . 2007-12-26 15:58 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-26 15:57 . 2007-12-26 15:57 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-26 15:56 . 2007-12-26 15:56 <DIR> d-------- C:\Users\All Users\Apple
2007-12-26 15:56 . 2007-12-26 15:56 <DIR> d-------- C:\ProgramData\Apple
2007-12-26 15:56 . 2007-12-26 15:56 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-26 15:33 . 2007-12-26 15:33 391 --a------ C:\WINDOWS\COVERE~1.INI
2007-12-24 17:37 . 2007-12-24 17:38 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-24 16:47 . 2007-12-24 16:47 <DIR> d-------- C:\Users\All Users\Roxio
2007-12-24 16:47 . 2007-12-24 16:47 <DIR> d-------- C:\ProgramData\Roxio
2007-12-24 16:47 . 2007-12-24 16:47 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-12-24 15:20 . 2007-07-02 15:02 996,648 --a------ C:\WINDOWS\System32\ShellManager10E2D762.dll
2007-12-24 15:20 . 2007-07-02 14:19 638,976 --a------ C:\WINDOWS\System32\NEROINSTAEC43759.DB
2007-12-23 00:09 . 2007-12-26 01:17 <DIR> d-------- C:\Program Files\Eternal Lands
2007-12-22 20:08 . 2007-01-27 12:19 1,149,440 --a------ C:\WINDOWS\themecpl.dll
2007-12-22 20:07 . 2007-04-24 18:47 122,880 --a------ C:\WINDOWS\System32\DreamScene.dll
2007-12-22 00:54 . 2006-11-02 03:46 1,137,664 --a------ C:\WINDOWS\System32\themecpl.dll.original
2007-12-22 00:29 . 2007-12-22 00:32 <DIR> d-------- C:\Users\Jason\AppData\Roaming\vlc
2007-12-20 22:44 . 2007-12-20 22:44 <DIR> d-------- C:\WINDOWS\BBSTORE
2007-12-20 22:44 . 2007-12-20 22:55 <DIR> d-------- C:\Program Files\Riven DVD
2007-12-20 22:44 . 2007-12-20 22:44 0 --------- C:\WINDOWS\QTW.ini
2007-12-20 22:43 . 1996-08-16 13:49 298,496 --a------ C:\WINDOWS\uninst.exe
2007-12-20 09:52 . 2007-12-20 10:00 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-12-20 09:49 . 2007-12-20 09:49 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2007-12-20 09:49 . 2007-12-20 09:49 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-20 09:45 . 2007-12-20 09:49 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2007-12-20 09:45 . 2007-12-20 09:45 <DIR> d-------- C:\Program Files\Microsoft SDKs
2007-12-20 09:44 . 2007-12-20 09:44 779,800 --a------ C:\WINDOWS\System32\PresentationNative_v0300.dll
2007-12-20 09:44 . 2007-12-20 09:44 579,584 --a------ C:\WINDOWS\System32\icardagt.exe
2007-12-20 09:44 . 2007-12-20 09:44 350,744 --a------ C:\WINDOWS\System32\PresentationHost.exe
2007-12-20 09:44 . 2007-12-20 09:44 106,520 --a------ C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2007-12-20 09:44 . 2007-12-20 09:44 88,576 --a------ C:\WINDOWS\System32\infocardapi.dll
2007-12-20 09:44 . 2007-12-20 09:44 33,304 --a------ C:\WINDOWS\System32\PresentationHostProxy.dll
2007-12-20 09:44 . 2007-12-20 09:44 28,160 --a------ C:\WINDOWS\System32\infocardcpl.cpl
2007-12-20 09:44 . 2007-12-20 09:44 11,776 --a------ C:\WINDOWS\System32\icardres.dll
2007-12-20 09:39 . 2007-12-20 09:39 282,112 --a------ C:\WINDOWS\System32\mscoree.dll
2007-12-20 09:39 . 2007-12-20 09:39 158,720 --a------ C:\WINDOWS\System32\mscorier.dll
2007-12-20 09:39 . 2007-12-20 09:39 96,760 --a------ C:\WINDOWS\System32\dfshim.dll
2007-12-20 09:39 . 2007-12-20 09:39 84,480 --a------ C:\WINDOWS\System32\mscories.dll
2007-12-20 09:39 . 2007-12-20 09:39 41,984 --a------ C:\WINDOWS\System32\netfxperf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 15:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-09 06:02 --------- d-----w C:\Users\Jason\AppData\Roaming\Azureus
2008-01-09 03:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-09 01:55 --------- d-----w C:\Users\Jason\AppData\Roaming\uTorrent
2008-01-08 08:26 --------- d-----w C:\Program Files\Yahoo!
2008-01-04 21:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-02 00:36 --------- d-----w C:\ProgramData\NVIDIA
2008-01-02 00:29 --------- d-----w C:\Program Files\Common Files\Steam
2008-01-02 00:28 --------- d-----w C:\Program Files\Steam
2008-01-02 00:27 --------- d-----w C:\Program Files\VideoLAN
2008-01-02 00:25 --------- d-----w C:\Program Files\Mgutil
2008-01-02 00:24 --------- d-----w C:\Program Files\Google
2008-01-02 00:21 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-02 00:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 02:52 --------- d-----w C:\Users\Jason\AppData\Roaming\.mudmagic
2007-12-30 22:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 03:56 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-26 22:01 --------- d-----w C:\Program Files\iPod
2007-12-26 21:59 --------- d-----w C:\ProgramData\Apple Computer
2007-12-26 21:59 --------- d-----w C:\Program Files\QuickTime
2007-12-26 21:31 --------- d-----w C:\Users\Jason\AppData\Roaming\Ahead
2007-12-24 23:37 --------- d-----w C:\ProgramData\Nero
2007-12-24 23:20 --------- d-----w C:\Users\Jason\AppData\Roaming\Roxio
2007-12-24 22:48 --------- d-----w C:\Program Files\Roxio
2007-12-24 22:48 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-24 22:48 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2007-12-24 19:42 --------- d-----w C:\Program Files\Nero
2007-12-20 15:57 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-20 02:22 --------- d-----w C:\Users\Jason\AppData\Roaming\.gaim
2007-12-18 08:05 --------- d-----w C:\Program Files\DivX
2007-12-18 04:03 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-17 21:17 --------- d-----w C:\Users\Jason\AppData\Roaming\LimeWire
2007-12-12 20:33 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 20:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 20:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 00:52 356,352 ----a-w C:\Windows\System32\nvuninst.exe
2007-12-11 23:06 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-12-11 23:06 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-12-11 23:06 8,530,464 ----a-w C:\Windows\System32\nvcpl.dll
2007-12-11 23:06 8,238,688 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2007-12-11 23:06 795,104 ----a-w C:\Windows\System32\dpinst.exe
2007-12-11 23:06 753,664 ----a-w C:\Windows\System32\nvcplui.exe
2007-12-11 23:06 7,098,368 ----a-w C:\Windows\System32\nvoglv32.dll
2007-12-11 23:06 6,549,504 ----a-w C:\Windows\System32\nvdisps.dll
2007-12-11 23:06 5,263,360 ----a-w C:\Windows\System32\nvd3dum.dll
2007-12-11 23:06 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-12-11 23:06 385,024 ----a-w C:\Windows\System32\nvapi.dll
2007-12-11 23:06 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-12-11 23:06 35,328 ----a-w C:\Windows\System32\nvcod100.dll
2007-12-11 23:06 35,328 ----a-w C:\Windows\System32\nvcod.dll
2007-12-11 23:06 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
2007-12-11 23:06 3,710,976 ----a-w C:\Windows\System32\nvvitvs.dll
2007-12-11 23:06 3,420,160 ----a-w C:\Windows\System32\nvgames.dll
2007-12-11 23:06 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-12-11 23:06 2,498,560 ----a-w C:\Windows\System32\nvwss.dll
2007-12-11 23:06 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-12-11 23:06 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-12-11 23:06 1,830,912 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-12-11 23:06 1,228,800 ----a-w C:\Windows\System32\nvmobls.dll
2007-12-11 19:44 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-12-08 06:14 --------- d-----w C:\Program Files\VEMoDe 1.0b
2007-12-08 05:50 57,344 ----a-w C:\Windows\SSEUninstaller.exe
2007-12-08 05:50 44,544 ----a-w C:\Windows\System32\Gif89.dll
2007-12-08 05:50 32,768 ----a-w C:\Windows\System32\ShellLnkSSE.dll
2007-12-08 05:38 --------- d-----w C:\Users\Jason\AppData\Roaming\Apple Computer
2007-12-07 21:05 --------- d-----w C:\ProgramData\Symantec
2007-12-04 21:36 --------- d-----w C:\Program Files\Trillian
2007-12-04 05:09 --------- d-----w C:\Program Files\GameSpy
2007-12-04 02:03 --------- d-----w C:\Users\Jason\AppData\Roaming\InstallShield Installation Information
2007-12-04 01:47 --------- d-----w C:\Program Files\Unreal Tournament 3
2007-11-30 23:53 --------- d-----w C:\Users\Jason\AppData\Roaming\yahoo!
2007-11-30 19:39 --------- d-----w C:\Users\Jason\AppData\Roaming\Ventrilo
2007-11-30 19:39 --------- d-----w C:\Program Files\Ventrilo
2007-11-30 19:10 --------- d-----w C:\Program Files\LMPC3
2007-11-29 22:50 4,096 ----a-w C:\Windows\System32\sysres.dll
2007-11-29 22:50 38,567 ----a-w C:\Windows\System32\pcpbios.exe
2007-11-29 02:13 --------- d-----w C:\ProgramData\DVD Shrink
2007-11-28 16:31 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2007-11-28 16:31 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2007-11-28 04:42 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2007-11-27 22:52 22,328 ----a-w C:\Users\Jason\AppData\Roaming\PnkBstrK.sys
2007-11-27 22:40 --------- d-----w C:\Program Files\Activision
2007-11-27 22:13 --------- d-----w C:\Program Files\TweakVI
2007-11-26 18:44 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2007-11-26 00:18 --------- d-----w C:\Program Files\AskPBar
2007-11-23 05:16 --------- d-----w C:\Program Files\LcdStudio
2007-11-23 05:15 --------- d-----w C:\Program Files\Miranda IM
2007-11-23 05:06 --------- d-----w C:\Users\Jason\AppData\Roaming\Hamachi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 06:35 1196032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 06:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 13:32 81920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:36 201728]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-27 04:13 1006264]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 10:16 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\WINDOWS\RtHDVCpl.exe]
"SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 16:55 1441792]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 17:54 774168]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 18:22 1132056]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-26 20:50 249896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-09 23:28 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Lock My PC"="C:\Program Files\LMPC3\lockpc.exe" [2006-07-13 00:02 802304]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 06:35 176128]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"PC Pitstop Optimize2 Reminder"="C:\Program Files\PCPitstop\Optimize2\Reminder.exe" [ ]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-08 22:40:12]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-29 21:55:56]
PalTalk.lnk.disabled [2007-12-19 20:03:50]
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 16:55:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"UseDefaultTile"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
"BySoft FreeRAM"=C:\Program Files\FinitySoft Memory Manger\MemoryManager.exe

R2 ioperm;ioperm support for Cygwin driver;C:\Users\Jason\pass\windows\ioperm.sys [2004-11-26 21:22]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2007-11-30 13:06]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 17:30]
R3 LMPC2;LMPC2;C:\Windows\system32\drivers\LMPC2.sys [2006-06-26 11:24]
S0 NVStrap;NVStrap;C:\Windows\system32\drivers\NVStrap.sys [2007-09-27 11:20]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-01 18:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\applet\command - F:\autorun\autorun.exe /s
\shell\AutoRun\command - F:\autorun\autorun.exe
\shell\directx\command - F:\dxsetup\dxinst.exe
\shell\ereg\command - F:\ereg\ereg32.exe
\shell\install\command - F:\setup.exe
\shell\installdemo\command - F:\j3setup\is_setup.exe
\shell\qtim\command - F:\qtwsetup\setup.exe
\shell\readfile\command - Notepad Readme.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\setup.hta

*Newly Created Service* - MCHINJDRV
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 03:52:25 C:\Windows\Tasks\HPCeeScheduleForJason.job"
- C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe
"2008-01-05 01:16:06 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-01-10 04:59:08 C:\Windows\Tasks\User_Feed_Synchronization-{CFC91829-A52D-4BAD-B5FB-DC8D8B270843}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 23:57:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 23:58:16
.
2008-01-04 13:22:32 --- E O F ---

Last edited by fin1983; 01-09-2008 at 11:10 PM.
Old 01-09-2008, 11:37 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,938
OS: WinXP and Vista


Re: Can you help me please?

I'm not seeing anything here. fin--let's try simple first. Have you tried using another keyboard?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-10-2008, 12:36 PM   #16 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Vista


Re: Can you help me please?

Lol, yes, I have tried different keyboards.
Old 01-11-2008, 05:05 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,938
OS: WinXP and Vista


Re: Can you help me please?

Sorry... had to ask.

Before you resort to reformatting, would you mind waiting a bit more? I'm consulting with a colleague on this, and will get back to you as soon as possible.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-11-2008, 07:34 PM   #18 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Vista


Re: Can you help me please?

Yes, I will wait. I just don't want to use up too much of your time; I know it is valuable with all the others that need your help.
Old 01-11-2008, 10:14 PM   #19 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,938
OS: WinXP and Vista


Re: Can you help me please?

No problem, I'm very curious myself as to what's causing that. What's coming to mind is not malware, rather some software you have installed that is causing this.

This statement has been 'bugging' me since you first mentioned it:

Quote:
the windows quit randomly popping up with my last S&D update/scan.
The report you posted shows that nothing was detected/removed; was that the full report?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-12-2008, 06:59 PM   #20 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 15
OS: Vista


Re: Can you help me please?

Quote:
Originally Posted by fin1983
Although I can see no reason that this particular one would have caused the issues with the windows opening and closing, it has subsided since the scan completed.

Log Attached

07.01.2007 11:13:07 - ##### check started #####
07.01.2007 11:13:07 - ### Version: 1.5
07.01.2007 11:13:07 - ### Date: 01/07/2008 11:13:07 AM
07.01.2007 11:13:08 - ##### checking bots #####
07.01.2007 11:19:49 - found: Microsoft.Windows.disableSystemRestore Settings
07.01.2007 11:27:00 - ##### check finished #####

It found this "07.01.2007 11:19:49 - found: Microsoft.Windows.disableSystemRestore Settings" and fixed it, and it has not come up again?
Copyright 2001 - 2009, Tech Support Forum