Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Windows Explorer abruptly rises and closes (Log enclosed and etc.)
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 12-31-2007, 04:40 PM   #1 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Windows Explorer abruptly rises and closes (Log enclosed and etc.)
My original thread that stated this problem can be found here. In fact, you should click on it to see what's up, since prior knowledge is very helpful. To paraphrase, Explorer.exe loves to close itself and never rear up again. When it does via the Task Manager, it will keep opening and restarting. The event viewer states in the original thread. More details are enclosed there, since I would like to save this for room on the HijackThis log and such.

Although the 5 step process recommends me to use DSS to create a scanfile, but DSS froze. It didn't work, to be frank. This is the error signature that appeared within the notifier:
Code:
AppName: dss.exe	 AppVer: 3.2.8.1	 ModName: dss.dll
ModVer: 0.0.0.0	 Offset: 00002120
---

I also have the Panda Active Scan. I might as well post it first. :D
I'm attaching the file (Y'know, the attachment download plan) because of the atrocious amount of characters. Forgive me if this will create any inconvience. In the following post, I will post the HijackThis log.
Attached Files
File Type: txt Activescan.txt (157.4 KB, 1 views)
Last edited by Starrodkirby86; 12-31-2007 at 04:44 PM.
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 12-31-2007, 04:41 PM   #2 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
HijackThis log:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:20:24 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\NCTV\bin\dm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
M:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
M:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttu.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14BB0DA2-746F-47B2-80F6-629BEE3FF31D} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: (no name) - {3B556978-10EB-4F71-A61E-A736354D1269} - C:\WINDOWS\system32\ljjifdd.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Thtmiaho\tvaadjbv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134353379\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Somone Mysterious\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [lgxgpurk] rundll32.exe "C:\Program Files\gboxqnqr\adytsncl.dll",Init
O4 - HKLM\..\Run: [jelojsxo] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jelojsxo.dll"
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [bejsrwvm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bejsrwvm.dll"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program files\america online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] M:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [IF2DArB2Z0] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?40877aaf58854a5dab6d5ee7b7dd9fd8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?40877aaf58854a5dab6d5ee7b7dd9fd8
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.pw.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198968149640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EE94415-3B9D-4C8E-9E21-BB03E129A261}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{26BC00C3-D1C4-4225-931F-EC044A3DD699}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC3CF84-9AC5-4159-8489-E7CC1074CFED}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{3152E7B3-E421-45E9-9A53-88BC91869AB4}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{434870D9-621B-410D-A89F-BF215E068A1E}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E88EE34-D8A9-4056-B921-166CB29B9B5B}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F0FCF42-3FD3-44ED-8BFE-E966ECC98F98}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{85AC326D-1990-4BFF-A5C4-650C51A82332}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: ljjifdd - C:\WINDOWS\SYSTEM32\ljjifdd.dll
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - Unknown owner - C:\Program Files\Common Files\AOL\1134353379\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe (file missing)
O23 - Service: Download Manager Lite Service (DownloadManagerLite) - NetCableTV - C:\PROGRA~1\NCTV\bin\dm.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 18856 bytes
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-03-2008, 12:36 AM   #3 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-03-2008, 12:52 PM   #4 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Apparently, ComboFix has fixed the Explorer problem. Explorer.exe appears and the Start Bar is good as new. :D

I'm going to attach the ComboFix Log and post the HijackThis Log file up. Here goes the HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:34:16 AM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\NCTV\bin\dm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
M:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134353379\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Somone Mysterious\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [IF2DArB2Z0] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?40877aaf58854a5dab6d5ee7b7dd9fd8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?40877aaf58854a5dab6d5ee7b7dd9fd8
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.pw.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198968149640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EE94415-3B9D-4C8E-9E21-BB03E129A261}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{26BC00C3-D1C4-4225-931F-EC044A3DD699}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC3CF84-9AC5-4159-8489-E7CC1074CFED}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{3152E7B3-E421-45E9-9A53-88BC91869AB4}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{434870D9-621B-410D-A89F-BF215E068A1E}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E88EE34-D8A9-4056-B921-166CB29B9B5B}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F0FCF42-3FD3-44ED-8BFE-E966ECC98F98}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{85AC326D-1990-4BFF-A5C4-650C51A82332}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - Unknown owner - C:\Program Files\Common Files\AOL\1134353379\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe (file missing)
O23 - Service: Download Manager Lite Service (DownloadManagerLite) - NetCableTV - C:\PROGRA~1\NCTV\bin\dm.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 17227 bytes



ComboFix 08-01-03.4 - Super Luigi 2008-01-03 10:38:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.165 [GMT -8:00]
Running from: C:\Documents and Settings\Super Luigi\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\bejsrwvm.dll
C:\Documents and Settings\All Users\Application Data.\Starware316
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316
C:\Documents and Settings\Mario 64\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\Mario 64\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Mario 64\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Mario 64\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Mario 64\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Mario 64\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Mom\Application Data\antivirus.exe
C:\install.exe
C:\Program Files\3269.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\America Online 9.0\aol .exe
C:\Program Files\BitTorrent\bittorrent .exe
C:\Program Files\Common Files\AOL\1134353379\EE\AOLSoftware .exe
C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
C:\Program Files\Common Files\AOL\Launch\AOLLaunch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\eliteprotector
C:\Program Files\gboxqnqr
C:\Program Files\gboxqnqr\adytsncl.dll
C:\Program Files\Helper
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
C:\Program Files\McAfee\MBK\LogOnHook .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\bin\SSSInst.dll
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\SSSInst\temp\pltbinst.exe
C:\Program Files\screensavers.com\Wallpaper\Cascading.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\Starware316
C:\Program Files\Starware316\bin\Starware316.dll
C:\Program Files\Starware316\brand.bmp
C:\Program Files\Starware316\Starware316Config.xml
C:\Program Files\Starware316\Starware316Uninstall.exe
C:\Program Files\Thtmiaho
C:\Program Files\Thtmiaho\tvaadjbv.dll
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Vmrqvewt
C:\Program Files\Vmrqvewt\skzrapji.dll
C:\WINDOWS\hosts
C:\WINDOWS\inf\unregmp2 .exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\IF2DArB2Z0uc.exe
C:\WINDOWS\PerfInfo\IF2DArB2Z0ud.exe
C:\WINDOWS\ppqvmpqr
C:\WINDOWS\ppqvmpqr\1.png
C:\WINDOWS\ppqvmpqr\2.png
C:\WINDOWS\ppqvmpqr\3.png
C:\WINDOWS\ppqvmpqr\4.png
C:\WINDOWS\ppqvmpqr\5.png
C:\WINDOWS\ppqvmpqr\6.png
C:\WINDOWS\ppqvmpqr\bottom-rc.gif
C:\WINDOWS\ppqvmpqr\content.png
C:\WINDOWS\ppqvmpqr\download.gif
C:\WINDOWS\ppqvmpqr\frame-bottom-left.gif
C:\WINDOWS\ppqvmpqr\frame-h1bg.gif
C:\WINDOWS\ppqvmpqr\head.png
C:\WINDOWS\ppqvmpqr\indexuc.html
C:\WINDOWS\ppqvmpqr\indexud.html
C:\WINDOWS\ppqvmpqr\main.css
C:\WINDOWS\ppqvmpqr\net.png
C:\WINDOWS\ppqvmpqr\pc-mag.gif
C:\WINDOWS\ppqvmpqr\pc.gif
C:\WINDOWS\ppqvmpqr\poloska1.png
C:\WINDOWS\ppqvmpqr\poloska2.png
C:\WINDOWS\ppqvmpqr\poloska3.png
C:\WINDOWS\ppqvmpqr\promouc1.html
C:\WINDOWS\ppqvmpqr\promouc2.html
C:\WINDOWS\ppqvmpqr\promouc3.html
C:\WINDOWS\ppqvmpqr\promouc4.html
C:\WINDOWS\ppqvmpqr\promouc5.html
C:\WINDOWS\ppqvmpqr\promoud1.html
C:\WINDOWS\ppqvmpqr\promoud2.html
C:\WINDOWS\ppqvmpqr\promoud3.html
C:\WINDOWS\ppqvmpqr\promoud4.html
C:\WINDOWS\ppqvmpqr\promoud5.html
C:\WINDOWS\ppqvmpqr\reg.png
C:\WINDOWS\ppqvmpqr\repair.png
C:\WINDOWS\ppqvmpqr\scr-1.png
C:\WINDOWS\ppqvmpqr\scr-2.png
C:\WINDOWS\ppqvmpqr\styles.css
C:\WINDOWS\ppqvmpqr\top-rc.gif
C:\WINDOWS\ppqvmpqr\vline.gif
C:\WINDOWS\setup.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\cbxxuur.dll
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\drvtakr.dll
C:\WINDOWS\system32\ljjifdd.dll
C:\WINDOWS\system32\media
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\opnoppp.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ssttu.exe
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\winbjv32.dll
C:\WINDOWS\system32\wowfx.dll
M:\Autorun.inf

Code:
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe" moved to QooBox
"C:\Program Files\AIM6\aim6 .exe" replaces infected copy of "C:\Program Files\AIM6\aim6.exe"
"C:\Program Files\America Online 9.0\aol .exe" moved to QooBox
"C:\Program Files\Common Files\AOL\1134353379\EE\AOLSoftware .exe" moved to QooBox
"C:\Program Files\Common Files\AOL\ACS\AOLDial .exe" moved to QooBox
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch .exe" moved to QooBox
"C:\Program Files\Common Files\Real\Update_OB\realsched .exe" moved to QooBox
"C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe" moved to QooBox
"C:\Program Files\McAfee\MBK\LogOnHook .exe" moved to QooBox
"C:\WINDOWS\inf\unregmp2 .exe" moved to QooBox
"C:\WINDOWS\system32\ctfmon .exe" moved to QooBox
.
.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 10:58 . 2008-01-03 10:58 <DIR> d-------- C:\Documents and Settings\Super Luigi\Application Data\Starware316
2008-01-03 10:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 17:34 . 2008-01-01 17:34 348,160 --a------ C:\WINDOWS\system32\RCX316.tmp
2008-01-01 09:21 . 2008-01-01 09:21 <DIR> d-------- C:\WINDOWS\system32\McAfee
2007-12-31 15:05 . 2007-12-31 15:05 <DIR> d-------- C:\Deckard
2007-12-31 14:51 . 2008-01-02 10:28 12,510 --a------ C:\warriordragon.png
2007-12-31 09:00 . 2007-12-31 09:00 878,354 --a------ C:\kane.jpg
2007-12-29 13:39 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-29 13:39 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-29 13:39 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-29 13:39 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-29 13:39 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-29 13:38 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-12-29 13:38 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-12-29 13:38 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-12-29 13:38 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-12-29 13:38 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-12-29 13:38 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-29 13:38 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-12-29 13:38 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-12-29 13:38 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-12-29 13:36 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-29 13:35 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-12-29 13:34 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2007-12-29 13:33 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-12-29 13:32 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-12-29 13:31 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2007-12-29 13:30 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2007-12-29 13:29 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2007-12-29 13:28 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-29 13:27 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-12-29 13:26 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2007-12-29 13:25 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2007-12-29 13:24 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2007-12-29 13:23 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2007-12-29 13:22 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-29 13:21 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2007-12-29 13:20 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2007-12-29 13:19 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2007-12-29 13:19 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2007-12-29 13:19 . 2001-08-17 22:36 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2007-12-29 13:19 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2007-12-29 13:19 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-29 13:19 . 2001-08-17 12:12 26,442 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
2007-12-29 13:19 . 2001-08-17 12:11 25,065 --a--c--- C:\WINDOWS\system32\dllcache\lmndis3.sys
2007-12-29 13:19 . 2001-08-17 12:12 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
2007-12-29 13:19 . 2001-08-17 13:51 15,744 --a--c--- C:\WINDOWS\system32\dllcache\lit220p.sys
2007-12-29 13:17 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2007-12-29 13:16 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2007-12-29 13:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2007-12-29 13:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2007-12-29 13:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2007-12-29 13:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-12-29 13:11 . 2001-08-17 22:36 419,357 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2007-12-29 13:10 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-12-29 13:09 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-12-29 13:08 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-12-29 13:07 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-12-29 12:57 . 2007-12-29 12:57 <DIR> d-------- C:\Documents and Settings\Super Luigi\Application Data\Uniblue
2007-12-29 08:58 . 2007-12-29 08:58 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-29 08:08 . 2007-12-29 08:58 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-28 15:44 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-28 15:42 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\yhbroxbaxuow.sys
2007-12-28 15:22 . 2007-12-31 09:12 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-28 15:22 . 2007-12-31 09:12 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-28 15:22 . 2007-12-31 09:12 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-28 15:21 . 2007-12-31 13:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 14:41 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl
2007-12-28 13:25 . 2007-12-28 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 12:27 . 2007-12-28 12:27 9,728 --a------ C:\WINDOWS\system32\spoolvs .exe
2007-12-28 12:26 . 2007-12-29 07:45 375,808 --a------ C:\WINDOWS\lsass .exe
2007-12-28 12:26 . 2007-12-28 12:26 9,728 --a------ C:\WINDOWS\system32\printer .exe
2007-12-28 11:56 . 2007-12-28 11:56 4,274 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-28 11:33 . 2007-12-28 11:33 1,283,174 --a------ C:\Install
2007-12-24 15:28 . 2007-12-24 15:28 102,405 --a------ C:\map.JPG
2007-12-24 10:10 . 2007-12-24 10:10 55,270 --a------ C:\Novasonic2.bmp
2007-12-24 10:07 . 2007-12-24 10:07 55,270 --a------ C:\Novasonic.bmp
2007-12-23 14:15 . 2007-12-23 17:52 21 --a------ C:\WINDOWS\lqwincd.ini
2007-12-21 13:06 . 2007-12-21 13:06 4,374 --a------ C:\RMG2000.zip
2007-12-19 21:51 . 2007-12-19 21:51 326,132 --a------ C:\shockwave.jpg
2007-12-19 21:40 . 2007-12-19 21:40 37,686 --a------ C:\Toasty.bmp
2007-12-09 17:30 . 2007-12-09 17:29 521 --a------ C:\013.gif
2007-12-09 16:00 . 2007-12-09 16:00 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-09 15:56 . 2007-12-09 15:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-06 21:51 . 2007-12-06 21:51 <DIR> d-------- C:\Documents and Settings\Super Luigi\Application Data\Viewpoint
2007-12-06 18:23 . 2007-12-06 18:23 168,534 --a------ C:\logo.bmp
2007-12-06 10:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-06 10:45 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-06 10:44 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-06 10:44 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 19:19 --------- d-----w C:\Program Files\AIM6
2008-01-03 18:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-03 18:58 --------- d-----w C:\Program Files\BitTorrent
2008-01-03 18:58 --------- d-----w C:\Program Files\America Online 9.0
2008-01-03 15:50 --------- d-----w C:\Program Files\QuickTime
2007-12-31 21:00 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-31 06:36 --------- d-----w C:\Program Files\MSN Messenger
2007-12-30 18:40 --------- d-----w C:\Program Files\Google
2007-12-29 02:05 --------- d-----w C:\Program Files\Viewpoint
2007-12-29 02:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-28 23:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-28 22:20 --------- d-----w C:\Program Files\Web Publish
2007-12-28 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2007-12-28 20:30 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\BitTorrent
2007-12-28 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-26 21:44 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\U3
2007-12-23 18:09 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\Canon
2007-12-23 08:09 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\Skype
2007-12-09 23:54 --------- d-----w C:\Program Files\Windows Media Connect
2007-12-09 06:17 --------- d-----w C:\Program Files\The Learning Company
2007-11-24 06:20 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee
2007-11-23 00:56 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\Leadertech
2007-11-22 03:32 --------- d-----w C:\Program Files\McAfee
2007-11-18 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 05:19 --------- d-----w C:\Program Files\ffdshow
2007-11-13 20:49 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 04:48 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\CELSYS
2007-11-06 18:51 --------- d-----w C:\Program Files\Serif
2007-11-06 18:50 --------- d-----w C:\Program Files\Broderbund
2007-10-06 02:21 57,344 ----a-w C:\WINDOWS\TADSUINS.EXE
2007-03-05 00:18 51,763 ----a-w C:\Documents and Settings\Mario 64\millie-1.0-win32.zip
2006-01-02 21:28 90,112 ----a-w C:\Documents and Settings\Mario 64\Millie.exe
2006-01-02 20:46 468 ----a-w C:\Documents and Settings\Mario 64\extract.bat
2006-01-02 20:46 432 ----a-w C:\Documents and Settings\Mario 64\insert.bat
2002-10-04 23:09 204,800 ----a-w C:\WINDOWS\inf\FXPlugin.dll
2007-02-11 03:53 56 --sh--r C:\WINDOWS\system32\17F8A87290.sys
.
Code:
----a-w           368,706 2007-12-28 20:26:10  C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w         6,946,816 2007-12-28 20:26:34  C:\Program Files\Dantz\Retrospect Express HD\RetroExpress .exe
----a-w           823,296 2007-12-28 20:26:17  C:\Program Files\Maxtor\OneTouch\Utils\Onetouch .exe
----a-w         5,674,352 2007-12-29 04:17:54  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w           657,920 2007-12-29 15:45:25  C:\Program Files\QuickTime\qttask .exe
----a-w            49,152 2007-12-28 20:26:26  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
----a-w           204,288 2007-12-28 20:27:13  C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w         4,670,704 2007-12-28 20:27:34  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w           375,808 2007-12-29 15:45:29  C:\WINDOWS\lsass .exe
----a-w           546,304 2007-12-28 20:26:44  C:\WINDOWS\BBSTORE\DSS\DSSAGENT .EXE
----a-w             9,728 2007-12-28 20:26:56  C:\WINDOWS\system32\printer .exe
----a-w             9,728 2007-12-28 20:27:12  C:\WINDOWS\system32\spoolvs .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-12-29 08:46 411648]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2007-12-29 08:45 1607680]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"Aim6"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [ ]
"AOL Fast Start"="C:\Program Files\America online 9.0\AOL.exe" [2007-12-29 08:46 425472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 15:56 6746112]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-29 07:45 445952]
"HostManager"="C:\Program Files\Common Files\AOL\1134353379\ee\AOLSoftware.exe" [2007-12-29 07:45 425472]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [ ]
"MXOBG"="C:\Documents and Settings\Somone Mysterious\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE" [ ]
"RetroExpress"="C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe" [ ]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [ ]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [ ]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 07:45 529408]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-12-29 07:45 370688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-12-29 07:45 389120]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-12-29 07:45 435712]
"DSS"="C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE" [ ]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - M:\LimeWire\LimeWire.exe [2007-09-17 06:19:14]

C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - M:\LimeWire\LimeWire.exe [2007-09-17 06:19:14]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-27 11:37:56]

C:\Documents and Settings\Mario 64\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - M:\LimeWire\LimeWire.exe [2007-09-17 06:19:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-16 17:26:43]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE [2007-11-06 10:40:23]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"IF2DArB2Z0"= rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"LockTaskbar"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 16:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Backup Scheduler.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Backup Scheduler.lnk
backup=C:\WINDOWS\pss\Iomega Backup Scheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Icons.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Icons.lnk
backup=C:\WINDOWS\pss\Iomega Icons.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Startup Options.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Startup Options.lnk
backup=C:\WINDOWS\pss\Iomega Startup Options.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IomegaWare.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IomegaWare.lnk
backup=C:\WINDOWS\pss\IomegaWare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuikSync.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuikSync.lnk
backup=C:\WINDOWS\pss\QuikSync.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.EXE -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2007-12-29 07:45 445952 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-07 16:21 114688 --a------ C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-04-29 13:56 45056 --a------ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2007-12-29 08:45 1607680 --a------ C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-25 16:52 14384 --a------ C:\Program Files\Common Files\AOL\1134353379\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-29 13:33 77824 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 13:12 32768 --a------ C:\Program Files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-06-29 13:33 114688 --a------ C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2005-05-15 04:51 184320 --a------ C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-06-03 02:52 36975 --a------ C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVTunerLib]
2005-02-16 17:41 245760 --a------ C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-19 20:08 28672 --a------ C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander]
2005-01-31 09:10 192512 --a------ C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

R3 WNIPROT5;WNIPROT5 Protocol Driver;C:\WINDOWS\System32\WNIPROT5.SYS [2004-08-11 11:15]
R3 Wpsnuio;WPS NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\wpsnuio.sys [2007-05-01 12:11]
S3 Airgo;Belkin Wireless Pre-N Notebook Network Driver;C:\WINDOWS\system32\DRIVERS\wnihdd51.sys [2004-08-13 07:43]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 00:06]
S3 SONYTVC;Sony MPEG RR-Engine;C:\WINDOWS\system32\DRIVERS\SONYTVC.sys [2005-03-18 09:01]
S3 zenos1;zenos1;M:\Program Files\GameCheetah\Zenos Engine\zenos.sys [2006-12-10 21:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a1a2044-69f8-11dc-a85e-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2516c516-13b4-11dc-a797-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c03e1fb-6f68-11dc-a86a-00038a000015}]
\Shell\AutoRun\command - F:\MigoSync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8580f1d4-5a55-11dc-a83a-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94f6785b-7bd0-11db-a64f-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 18:18:11 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-16 18:15:40 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-08-16 18:15:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 11:21:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 11:29:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 19:28:56


---
Thanks Subs. I thought I had to bump this until your reply came. Thank you. :D
Attached Files
File Type: txt log.txt (38.4 KB, 1 views)
Last edited by sUBs; 01-03-2008 at 01:06 PM.
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-03-2008, 01:31 PM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
  • ViewPoint
Please note any other programs that you dont recognize in that list in your next response


---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O4 - HKLM\..\Policies\Explorer\Run: [IF2DArB2Z0] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EE94415-3B9D-4C8E-9E21-BB03E129A261}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{26BC00C3-D1C4-4225-931F-EC044A3DD699}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC3CF84-9AC5-4159-8489-E7CC1074CFED}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{3152E7B3-E421-45E9-9A53-88BC91869AB4}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{434870D9-621B-410D-A89F-BF215E068A1E}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E88EE34-D8A9-4056-B921-166CB29B9B5B}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F0FCF42-3FD3-44ED-8BFE-E966ECC98F98}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{85AC326D-1990-4BFF-A5C4-650C51A82332}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
FOLDER::
C:\Documents and Settings\Super Luigi\Application Data\Starware316
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
FILE::
C:\WINDOWS\system32\RCX316.tmp
C:\WINDOWS\system32\drivers\yhbroxbaxuow.sys
C:\WINDOWS\system32\spoolvs .exe
C:\WINDOWS\lsass .exe
C:\WINDOWS\system32\printer .exe
C:\013.gif
RENV::
C:\Program Files\BroadJump\Client Foundation\CFD .exe
C:\Program Files\Dantz\Retrospect Express HD\RetroExpress .exe
C:\Program Files\Maxtor\OneTouch\Utils\Onetouch .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\WINDOWS\BBSTORE\DSS\DSSAGENT .EXE
REGISTRY::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MXOBG"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"IF2DArB2Z0"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-03-2008, 01:32 PM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-03-2008, 04:19 PM   #7 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
This may seem awkward, or even unheard of, but both of the above steps failed...The CFScript freezes or doesn't go on after Stage 36 (Which I hope is not the case or else it is my impatientience), but something I know for sure is that the Kapersky link redirects to the homepage. Any insight? Sorry for my imcompetence or any of those defects. By the way, because of this, I did not do the Java instructions yet, since I did not post all required logs (Reasons above of course).

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:17, on 2008-01-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\NCTV\bin\dm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
M:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134353379\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\Somone Mysterious\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?40877aaf58854a5dab6d5ee7b7dd9fd8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?40877aaf58854a5dab6d5ee7b7dd9fd8
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.pw.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198968149640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - Unknown owner - C:\Program Files\Common Files\AOL\1134353379\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe (file missing)
O23 - Service: Download Manager Lite Service (DownloadManagerLite) - NetCableTV - C:\PROGRA~1\NCTV\bin\dm.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 16213 bytes
Last edited by Starrodkirby86; 01-03-2008 at 04:21 PM.
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-03-2008, 04:21 PM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Please reboot to Safe Mode


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

Run CFScript from there.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-03-2008, 04:22 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
If Kaspersky is giving you issues, use this other scanner

ESET Online Scanner
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update
  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient
  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-03-2008, 07:19 PM   #10 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Patientience is of the essence. Fortunately, I had that. And you did too.
Here is the log from the ESET Scan. The CFScript log will be attached and the HijackThis Log will come in the next post. Once again, I thank you very much.

---

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2764 (20080103)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=b184b27bbb714d4f8563e301b07b3e71
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-01-04 02:16:12
# local_time=2008-01-03 06:16:12 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=672702
# found=35
# scan_time=7572
C:\Documents and Settings\Super Luigi\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-47e5d0c5 multiple infiltrations F9BC157ECF33545646E9F74D6DFCC0E2
C:\Documents and Settings\Super Luigi\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-47e5d0c5 »ZIP »Gummy.class Java/Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Super Luigi\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-47e5d0c5 »ZIP »Counter.class Java/Exploit.Bytverify.B trojan 00000000000000000000000000000000
C:\Documents and Settings\Super Luigi\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-47e5d0c5 »ZIP »VerifierBug.class Java/Exploit.Bytverify.B trojan 00000000000000000000000000000000
C:\Documents and Settings\Super Luigi\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-47e5d0c5 »ZIP »Beyond.class a variant of Java/ClassLoader.K trojan 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-01-03_112122.82.zip Win32/Adware.Virtumonde.FP application 74835CC259FC25EAE01A0C54EF627018
C:\QooBox\Quarantine\catchme2008-01-03_112122.82.zip »ZIP »ssttu.dll Win32/Adware.Virtumonde.FP application 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-01-03_155535.37.zip Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-01-03_155535.37.zip »ZIP »lsass .exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\bejsrwvm.dll.vir Win32/Adware.UltimateDefender application 1F3E1FCAA860DF4C7C85CA41485FA88A
C:\QooBox\Quarantine\C\Program Files\3269.exe.vir Win32/TrojanDownloader.Busky.BT trojan 7EDF11DEB2ABC996922BD9C68B3AA3B1
C:\QooBox\Quarantine\C\Program Files\ucleaner_setup.exe.vir Win32/Adware.UltimateCleaner application C7E3838E6DF033E6335EF0C9A0020FA6
C:\QooBox\Quarantine\C\Program Files\AIM6\aim6.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\BitTorrent\bittorrent .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Microsoft ActiveSync\wcescomm .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll.vir Win32/Adware.Comet application 15B980C7264746DC5CB5EA63FAD03F39
C:\QooBox\Quarantine\C\Program Files\Screensavers.com\SSSInst\temp\pltbinst.exe.vir probably a variant of Win32/Adware.Agent application 94DFA8D536C56DE6C5A19C2F9EA3DF68
C:\QooBox\Quarantine\C\Program Files\Screensavers.com\SSSInst\temp\pltbinst.exe.vir »NSIS »Starware316.dll probably a variant of Win32/Adware.Agent application 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Starware316\bin\Starware316.dll.vir probably a variant of Win32/Adware.Agent application 69666F6FBB3CBF0A000759270BEDD771
C:\QooBox\Quarantine\C\Program Files\Thtmiaho\tvaadjbv.dll.vir Win32/Adware.UltimateDefender application 1F3E1FCAA860DF4C7C85CA41485FA88A
C:\QooBox\Quarantine\C\Program Files\Vmrqvewt\skzrapji.dll.vir Win32/Adware.UltimateDefender application 1F3E1FCAA860DF4C7C85CA41485FA88A
C:\QooBox\Quarantine\C\WINDOWS\PerfInfo\IF2DArB2Z0uc.exe.vir probably a variant of Win32/Adware.UltimateDefender application AFA90F6F519375E89089886A7992C351
C:\QooBox\Quarantine\C\WINDOWS\PerfInfo\IF2DArB2Z0ud.exe.vir probably a variant of Win32/Adware.UltimateDefender application 6CE7FE3E2B56068E1D41A3120530D512
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\opnoppp.dll.vir Win32/Adware.Virtumonde application 4BCAEF5EF3ECBF47C92E0BB862C51985
C:\QooBox\Quarantine\C\WINDOWS\system32\printer .exe.vir a variant of Win32/TrojanDownloader.FakeAlert.G trojan 769F30EB5DAA092A30A1AF53FBF88DC0
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX316.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolvs .exe.vir a variant of Win32/TrojanDownloader.FakeAlert.G trojan 769F30EB5DAA092A30A1AF53FBF88DC0
C:\QooBox\Quarantine\C\WINDOWS\system32\ssttu.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\winbjv32.dll.vir Win32/Agent.QT trojan C176AF9150CE19948006436453DEE231
C:\WINDOWS\SudokuInstaller.exe a variant of Win32/TrojanDownloader.PurityScan.BV trojan 2D99C51D294F39BE3D333DE09D198B3F
C:\WINDOWS\SudokuInstaller.exe »NSIS »Sudoku.exe a variant of Win32/TrojanDownloader.PurityScan.BV trojan 00000000000000000000000000000000



ComboFix 08-01-03.4 - Super Luigi 2008-01-03 15:37:29.4 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.347 [GMT -8:00]
Running from: C:\Documents and Settings\Super Luigi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Super Luigi\Desktop\CFScript.txt

FILE
C:\013.gif
C:\WINDOWS\lsass .exe
C:\WINDOWS\system32\drivers\yhbroxbaxuow.sys
C:\WINDOWS\system32\printer .exe
C:\WINDOWS\system32\RCX316.tmp
C:\WINDOWS\system32\spoolvs .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\013.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Super Luigi\Application Data\Starware316
C:\Program Files\Viewpoint
C:\WINDOWS\lsass .exe
C:\WINDOWS\system32\drivers\yhbroxbaxuow.sys
C:\WINDOWS\system32\printer .exe
C:\WINDOWS\system32\RCX316.tmp
C:\WINDOWS\system32\spoolvs .exe

.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 13:20 . 2008-01-03 13:20 <DIR> d-------- C:\Program Files\MetaStream
2008-01-03 11:25 . 2008-01-03 11:25 3,634 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-01-03 10:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 09:21 . 2008-01-01 09:21 <DIR> d-------- C:\WINDOWS\system32\McAfee
2007-12-31 15:05 . 2007-12-31 15:05 <DIR> d-------- C:\Deckard
2007-12-31 14:51 . 2008-01-02 10:28 12,510 --a------ C:\warriordragon.png
2007-12-31 09:00 . 2007-12-31 09:00 878,354 --a------ C:\kane.jpg
2007-12-29 13:39 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-29 13:39 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-29 13:39 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-29 13:39 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-29 13:39 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-29 13:38 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-12-29 13:38 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-12-29 13:38 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-12-29 13:38 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-12-29 13:38 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-12-29 13:38 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-29 13:38 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-12-29 13:38 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-12-29 13:38 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-12-29 13:36 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-29 13:35 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-12-29 13:34 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2007-12-29 13:33 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-12-29 13:32 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-12-29 13:31 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2007-12-29 13:30 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2007-12-29 13:29 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2007-12-29 13:28 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-29 13:27 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-12-29 13:26 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2007-12-29 13:25 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2007-12-29 13:24 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2007-12-29 13:23 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2007-12-29 13:22 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-29 13:21 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2007-12-29 13:20 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2007-12-29 13:19 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2007-12-29 13:19 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2007-12-29 13:19 . 2001-08-17 22:36 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2007-12-29 13:19 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2007-12-29 13:19 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-29 13:19 . 2001-08-17 12:12 26,442 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
2007-12-29 13:19 . 2001-08-17 12:11 25,065 --a--c--- C:\WINDOWS\system32\dllcache\lmndis3.sys
2007-12-29 13:19 . 2001-08-17 12:12 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
2007-12-29 13:19 . 2001-08-17 13:51 15,744 --a--c--- C:\WINDOWS\system32\dllcache\lit220p.sys
2007-12-29 13:17 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2007-12-29 13:16 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2007-12-29 13:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2007-12-29 13:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2007-12-29 13:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2007-12-29 13:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-12-29 13:11 . 2001-08-17 22:36 419,357 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2007-12-29 13:10 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-12-29 13:09 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-12-29 13:08 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-12-29 13:07 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-12-29 12:57 . 2007-12-29 12:57 <DIR> d-------- C:\Documents and Settings\Super Luigi\Application Data\Uniblue
2007-12-29 08:58 . 2007-12-29 08:58 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-29 08:08 . 2007-12-29 08:58 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-28 15:44 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-28 15:22 . 2007-12-31 09:12 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-28 15:22 . 2007-12-31 09:12 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-28 15:22 . 2007-12-31 09:12 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-28 15:21 . 2007-12-31 13:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 14:41 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl
2007-12-28 13:25 . 2007-12-28 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 11:56 . 2007-12-28 11:56 4,274 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-28 11:33 . 2007-12-28 11:33 1,283,174 --a------ C:\Install
2007-12-24 15:28 . 2007-12-24 15:28 102,405 --a------ C:\map.JPG
2007-12-24 10:10 . 2007-12-24 10:10 55,270 --a------ C:\Novasonic2.bmp
2007-12-24 10:07 . 2007-12-24 10:07 55,270 --a------ C:\Novasonic.bmp
2007-12-23 14:15 . 2007-12-23 17:52 21 --a------ C:\WINDOWS\lqwincd.ini
2007-12-21 13:06 . 2007-12-21 13:06 4,374 --a------ C:\RMG2000.zip
2007-12-19 21:51 . 2007-12-19 21:51 326,132 --a------ C:\shockwave.jpg
2007-12-19 21:40 . 2007-12-19 21:40 37,686 --a------ C:\Toasty.bmp
2007-12-09 16:00 . 2007-12-09 16:00 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-09 15:56 . 2007-12-09 15:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-06 21:51 . 2007-12-06 21:51 <DIR> d-------- C:\Documents and Settings\Super Luigi\Application Data\Viewpoint
2007-12-06 18:23 . 2007-12-06 18:23 168,534 --a------ C:\logo.bmp
2007-12-06 10:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-06 10:45 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-06 10:44 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-06 10:44 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 19:19 --------- d-----w C:\Program Files\AIM6
2008-01-03 18:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-03 18:58 --------- d-----w C:\Program Files\BitTorrent
2008-01-03 18:58 --------- d-----w C:\Program Files\America Online 9.0
2008-01-03 15:50 --------- d-----w C:\Program Files\QuickTime
2007-12-31 21:00 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-31 06:36 --------- d-----w C:\Program Files\MSN Messenger
2007-12-30 18:40 --------- d-----w C:\Program Files\Google
2007-12-28 23:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-28 22:20 --------- d-----w C:\Program Files\Web Publish
2007-12-28 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2007-12-28 20:30 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\BitTorrent
2007-12-28 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-26 21:44 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\U3
2007-12-23 18:09 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\Canon
2007-12-23 08:09 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\Skype
2007-12-09 23:54 --------- d-----w C:\Program Files\Windows Media Connect
2007-12-09 06:17 --------- d-----w C:\Program Files\The Learning Company
2007-11-24 06:20 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee
2007-11-23 00:56 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\Leadertech
2007-11-22 03:32 --------- d-----w C:\Program Files\McAfee
2007-11-18 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 05:19 --------- d-----w C:\Program Files\ffdshow
2007-11-13 20:49 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 04:48 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\CELSYS
2007-11-06 18:51 --------- d-----w C:\Program Files\Serif
2007-11-06 18:50 --------- d-----w C:\Program Files\Broderbund
2007-10-06 02:21 57,344 ----a-w C:\WINDOWS\TADSUINS.EXE
2007-03-05 00:18 51,763 ----a-w C:\Documents and Settings\Mario 64\millie-1.0-win32.zip
2006-01-02 21:28 90,112 ----a-w C:\Documents and Settings\Mario 64\Millie.exe
2006-01-02 20:46 468 ----a-w C:\Documents and Settings\Mario 64\extract.bat
2006-01-02 20:46 432 ----a-w C:\Documents and Settings\Mario 64\insert.bat
2007-02-11 03:53 56 --sh--r C:\WINDOWS\system32\17F8A87290.sys
.
Code:
----a-w           368,706 2007-12-28 20:26:10  C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w         6,946,816 2007-12-28 20:26:34  C:\Program Files\Dantz\Retrospect Express HD\RetroExpress .exe
----a-w           823,296 2007-12-28 20:26:17  C:\Program Files\Maxtor\OneTouch\Utils\Onetouch .exe
----a-w         5,674,352 2007-12-29 04:17:54  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w           657,920 2007-12-29 15:45:25  C:\Program Files\QuickTime\qttask .exe
----a-w            49,152 2007-12-28 20:26:26  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
----a-w           204,288 2007-12-28 20:27:13  C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w         4,670,704 2007-12-28 20:27:34  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w           546,304 2007-12-28 20:26:44  C:\WINDOWS\BBSTORE\DSS\DSSAGENT .EXE

((((((((((((((((((((((((((((( snapshot@2008-01-03_11.28.35.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-29 16:39:41 87,936 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-03 19:25:37 88,454 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-29 16:39:42 466,170 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-03 19:25:37 467,046 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-12-29 08:46 411648]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2007-12-29 08:45 1607680]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [ ]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2007-12-29 08:46 425472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 15:56 6746112]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-29 07:45 445952]
"HostManager"="C:\Program Files\Common Files\AOL\1134353379\ee\AOLSoftware.exe" [2007-12-29 07:45 425472]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [ ]
"RetroExpress"="C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe" [ ]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [ ]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [ ]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 07:45 529408]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-12-29 07:45 370688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-12-29 07:45 389120]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-12-29 07:45 435712]
"DSS"="C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE" [ ]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - M:\LimeWire\LimeWire.exe [2007-09-17 06:19:14]

C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - M:\LimeWire\LimeWire.exe [2007-09-17 06:19:14]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-27 11:37:56]

C:\Documents and Settings\Mario 64\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - M:\LimeWire\LimeWire.exe [2007-09-17 06:19:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-16 17:26:43]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE [2007-11-06 10:40:23]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"LockTaskbar"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 16:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Backup Scheduler.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Backup Scheduler.lnk
backup=C:\WINDOWS\pss\Iomega Backup Scheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Icons.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Icons.lnk
backup=C:\WINDOWS\pss\Iomega Icons.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Startup Options.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Startup Options.lnk
backup=C:\WINDOWS\pss\Iomega Startup Options.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IomegaWare.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IomegaWare.lnk
backup=C:\WINDOWS\pss\IomegaWare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuikSync.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuikSync.lnk
backup=C:\WINDOWS\pss\QuikSync.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.EXE -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2007-12-29 07:45 445952 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-07 16:21 114688 --a------ C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-04-29 13:56 45056 --a------ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2007-12-29 08:45 1607680 --a------ C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-25 16:52 14384 --a------ C:\Program Files\Common Files\AOL\1134353379\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-06-29 13:33 77824 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 13:12 32768 --a------ C:\Program Files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-06-29 13:33 114688 --a------ C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2005-05-15 04:51 184320 --a------ C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVTunerLib]
2005-02-16 17:41 245760 --a------ C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-19 20:08 28672 --a------ C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander]
2005-01-31 09:10 192512 --a------ C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

R3 WNIPROT5;WNIPROT5 Protocol Driver;C:\WINDOWS\System32\WNIPROT5.SYS [2004-08-11 11:15]
R3 Wpsnuio;WPS NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\wpsnuio.sys [2007-05-01 12:11]
S3 Airgo;Belkin Wireless Pre-N Notebook Network Driver;C:\WINDOWS\system32\DRIVERS\wnihdd51.sys [2004-08-13 07:43]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 00:06]
S3 SONYTVC;Sony MPEG RR-Engine;C:\WINDOWS\system32\DRIVERS\SONYTVC.sys [2005-03-18 09:01]
S3 zenos1;zenos1;M:\Program Files\GameCheetah\Zenos Engine\zenos.sys [2006-12-10 21:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a1a2044-69f8-11dc-a85e-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2516c516-13b4-11dc-a797-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c03e1fb-6f68-11dc-a86a-00038a000015}]
\Shell\AutoRun\command - F:\MigoSync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8580f1d4-5a55-11dc-a83a-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94f6785b-7bd0-11db-a64f-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 23:23:38 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-16 18:15:40 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-08-16 18:15:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 15:56:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 16:02:04 - machine was rebooted [Super Luigi]
ComboFix-quarantined-files.txt 2008-01-04 00:01:58
ComboFix2.txt 2008-01-03 19:29:02
Attached Files
File Type: txt cf.txt (139.5 KB, 1 views)
Last edited by sUBs; 01-04-2008 at 01:29 AM.
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-03-2008, 07:20 PM   #11 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
This is the latest HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:18:50 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\NCTV\bin\dm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
M:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134353379\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?40877aaf58854a5dab6d5ee7b7dd9fd8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?40877aaf58854a5dab6d5ee7b7dd9fd8
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.pw.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198968149640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - Unknown owner - C:\Program Files\Common Files\AOL\1134353379\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe (file missing)
O23 - Service: Download Manager Lite Service (DownloadManagerLite) - NetCableTV - C:\PROGRA~1\NCTV\bin\dm.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 16169 bytes
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-04-2008, 01:37 AM   #12 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Open NOTEPAD.exe and copy/paste the text in the quotebox below:

Code:
----a-w           368,706 2007-12-28 20:26:10  C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w         6,946,816 2007-12-28 20:26:34  C:\Program Files\Dantz\Retrospect Express HD\RetroExpress .exe
----a-w           823,296 2007-12-28 20:26:17  C:\Program Files\Maxtor\OneTouch\Utils\Onetouch .exe
----a-w         5,674,352 2007-12-29 04:17:54  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w           657,920 2007-12-29 15:45:25  C:\Program Files\QuickTime\qttask .exe
----a-w            49,152 2007-12-28 20:26:26  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
----a-w           204,288 2007-12-28 20:27:13  C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w         4,670,704 2007-12-28 20:27:34  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w           546,304 2007-12-28 20:26:44  C:\WINDOWS\BBSTORE\DSS\DSSAGENT .EXE
Save this as Log.txt. Then download this tool :> http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
Place the tool next to Log.txt




Refering to the picture above, drag Log.txt into RenV.exe

When finished, it shall produce a log for you. Post that log in your next reply


--------------


Open NOTEPAD.exe again. Copy/paste the text in the quotebox below into it:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Documents and Settings\Super Luigi\Application Data\Sun\Java\Deployment\cache\6.0\24\3e021ed8-47e5d0c5"
"C:\WINDOWS\SudokuInstaller.exe"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-04-2008, 10:56 AM   #13 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
I can smell that we're almost done.

Log to RenV Progress: It said that none of the files can be found. The only other different one was Qtask for Quicktime, which had a Cannot Find File and an Access Denied rather than the typical ones in it. I couldn't get a report. I also tried it on Safe Mode...any other way of doing this or something?

For Fix.bat however, Deleted Successfully !! came up, which is a good thing. :D
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-04-2008, 11:04 AM   #14 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Please delete your existing copy of ComboFix
Then download the latest copy from here

Run it by double clicking ComboFix.exe. Kindly post the log that's produced
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-04-2008, 11:29 AM   #15 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Here's the ComboFix log of truth! :D

ComboFix 08-01-05.1 - Super Luigi 2008-01-04 10:13:52.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.279 [GMT -8:00]
Running from: C:\Documents and Settings\Super Luigi\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 09:38 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-04 09:37 . 2008-01-04 09:38 <DIR> d-------- C:\Program Files\Java
2008-01-04 09:37 . 2008-01-04 09:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-04 09:15 . 2008-01-04 09:45 98,816 --a------ C:\Documents and Settings\Super Luigi\sed.exe
2008-01-04 09:15 . 2008-01-04 09:45 27,136 --a------ C:\Documents and Settings\Super Luigi\nircmd.exe
2008-01-03 18:21 . 2008-01-03 18:21 <DIR> d-------- C:\Program Files\Viewpoint
2008-01-03 18:21 . 2008-01-03 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-03 17:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-03 17:47 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-03 16:06 . 2008-01-03 18:16 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-03 13:20 . 2008-01-03 13:20 <DIR> d-------- C:\Program Files\MetaStream
2008-01-03 11:25 . 2008-01-03 11:25 3,634 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-01-03 10:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 09:21 . 2008-01-01 09:21 <DIR> d-------- C:\WINDOWS\system32\McAfee
2007-12-31 14:51 . 2008-01-02 10:28 12,510 --a------ C:\warriordragon.png
2007-12-31 09:00 . 2007-12-31 09:00 878,354 --a------ C:\kane.jpg
2007-12-29 13:39 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-29 13:39 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-29 13:39 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-29 13:39 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-29 13:39 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-29 13:38 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-12-29 13:38 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-12-29 13:38 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-12-29 13:38 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-12-29 13:38 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-12-29 13:38 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-29 13:38 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-12-29 13:38 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-12-29 13:38 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-12-29 13:36 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-29 13:35 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-12-29 13:34 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2007-12-29 13:33 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-12-29 13:32 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-12-29 13:31 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2007-12-29 13:30 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2007-12-29 13:29 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2007-12-29 13:28 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-29 13:27 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-12-29 13:26 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2007-12-29 13:25 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2007-12-29 13:24 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2007-12-29 13:23 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2007-12-29 13:22 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-29 13:21 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2007-12-29 13:20 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2007-12-29 13:19 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2007-12-29 13:19 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2007-12-29 13:19 . 2001-08-17 22:36 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2007-12-29 13:19 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2007-12-29 13:19 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-29 13:19 . 2001-08-17 12:12 26,442 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
2007-12-29 13:19 . 2001-08-17 12:11 25,065 --a--c--- C:\WINDOWS\system32\dllcache\lmndis3.sys
2007-12-29 13:19 . 2001-08-17 12:12 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
2007-12-29 13:19 . 2001-08-17 13:51 15,744 --a--c--- C:\WINDOWS\system32\dllcache\lit220p.sys
2007-12-29 13:17 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2007-12-29 13:16 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2007-12-29 13:15 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2007-12-29 13:14 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2007-12-29 13:13 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2007-12-29 13:12 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-12-29 13:11 . 2001-08-17 22:36 419,357 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2007-12-29 13:10 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-12-29 13:09 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-12-29 13:08 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-12-29 13:07 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2007-12-29 12:57 . 2007-12-29 12:57 <DIR> d-------- C:\Documents and Settings\Super Luigi\Application Data\Uniblue
2007-12-29 08:58 . 2007-12-29 08:58 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-29 08:08 . 2007-12-29 08:58 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-28 15:44 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-28 15:22 . 2007-12-31 09:12 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-28 15:22 . 2007-12-31 09:12 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-28 15:22 . 2007-12-31 09:12 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-28 15:21 . 2007-12-31 13:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 14:41 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl
2007-12-28 13:25 . 2007-12-28 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 11:56 . 2007-12-28 11:56 4,274 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-28 11:33 . 2007-12-28 11:33 1,283,174 --a------ C:\Install
2007-12-24 15:28 . 2007-12-24 15:28 102,405 --a------ C:\map.JPG
2007-12-24 10:10 . 2007-12-24 10:10 55,270 --a------ C:\Novasonic2.bmp
2007-12-24 10:07 . 2007-12-24 10:07 55,270 --a------ C:\Novasonic.bmp
2007-12-23 14:15 . 2007-12-23 17:52 21 --a------ C:\WINDOWS\lqwincd.ini
2007-12-21 13:06 . 2007-12-21 13:06 4,374 --a------ C:\RMG2000.zip
2007-12-19 21:51 . 2007-12-19 21:51 326,132 --a------ C:\shockwave.jpg
2007-12-19 21:40 . 2007-12-19 21:40 37,686 --a------ C:\Toasty.bmp
2007-12-09 16:00 . 2007-12-09 16:00 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-09 15:56 . 2007-12-09 15:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-06 21:51 . 2007-12-06 21:51 <DIR> d-------- C:\Documents and Settings\Super Luigi\Application Data\Viewpoint
2007-12-06 18:23 . 2007-12-06 18:23 168,534 --a------ C:\logo.bmp
2007-12-06 10:45 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-06 10:45 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-06 10:44 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-06 10:44 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 17:45 --------- d-----w C:\Program Files\MSN Messenger
2008-01-03 19:19 --------- d-----w C:\Program Files\AIM6
2008-01-03 18:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-03 18:58 --------- d-----w C:\Program Files\BitTorrent
2008-01-03 18:58 --------- d-----w C:\Program Files\America Online 9.0
2008-01-03 15:50 --------- d-----w C:\Program Files\QuickTime
2007-12-31 21:00 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-30 18:40 --------- d-----w C:\Program Files\Google
2007-12-28 23:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-28 22:20 --------- d-----w C:\Program Files\Web Publish
2007-12-28 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2007-12-28 20:30 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\BitTorrent
2007-12-28 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-26 21:44 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\U3
2007-12-23 18:09 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\Canon
2007-12-23 08:09 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\Skype
2007-12-09 23:54 --------- d-----w C:\Program Files\Windows Media Connect
2007-12-09 06:17 --------- d-----w C:\Program Files\The Learning Company
2007-11-24 06:20 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee
2007-11-23 00:56 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\Leadertech
2007-11-22 03:32 --------- d-----w C:\Program Files\McAfee
2007-11-18 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 05:19 --------- d-----w C:\Program Files\ffdshow
2007-11-13 20:49 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 04:48 --------- d-----w C:\Documents and Settings\Super Luigi\Application Data\CELSYS
2007-11-06 18:51 --------- d-----w C:\Program Files\Serif
2007-11-06 18:50 --------- d-----w C:\Program Files\Broderbund
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-06 02:21 57,344 ----a-w C:\WINDOWS\TADSUINS.EXE
2007-03-05 00:18 51,763 ----a-w C:\Documents and Settings\Mario 64\millie-1.0-win32.zip
2006-01-02 21:28 90,112 ----a-w C:\Documents and Settings\Mario 64\Millie.exe
2006-01-02 20:46 468 ----a-w C:\Documents and Settings\Mario 64\extract.bat
2006-01-02 20:46 432 ----a-w C:\Documents and Settings\Mario 64\insert.bat
2002-10-04 23:09 204,800 ----a-w C:\WINDOWS\inf\FXPlugin.dll
2007-02-11 03:53 56 --sh--r C:\WINDOWS\system32\17F8A87290.sys
.
Code:
<pre>
----a-w           657,920 2007-12-29 15:45:25  C:\Program Files\QuickTime\qttask .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-12-29 08:46 411648]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2007-12-29 08:45 1607680]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [ ]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2007-12-29 08:46 425472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 15:56 6746112]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-29 07:45 445952]
"HostManager"="C:\Program Files\Common Files\AOL\1134353379\ee\AOLSoftware.exe" [2007-12-29 07:45 425472]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [ ]
"RetroExpress"="C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe" [ ]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [ ]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [ ]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 07:45 529408]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-12-29 07:45 370688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-12-29 07:45 389120]
"DSS"="C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - M:\LimeWire\LimeWire.exe [2007-09-17 06:19:14]

C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - M:\LimeWire\LimeWire.exe [2007-09-17 06:19:14]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-08-27 11:37:56]

C:\Documents and Settings\Mario 64\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - M:\LimeWire\LimeWire.exe [2007-09-17 06:19:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-16 17:26:43]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE [2007-11-06 10:40:23]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"LockTaskbar"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 16:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Backup Scheduler.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Backup Scheduler.lnk
backup=C:\WINDOWS\pss\Iomega Backup Scheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Icons.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Icons.lnk
backup=C:\WINDOWS\pss\Iomega Icons.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iomega Startup Options.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega Startup Options.lnk
backup=C:\WINDOWS\pss\Iomega Startup Options.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IomegaWare.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IomegaWare.lnk
backup=C:\WINDOWS\pss\IomegaWare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuikSync.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuikSync.lnk
backup=C:\WINDOWS\pss\QuikSync.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-12-29 08:46 425472 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2007-12-29 07:45 445952 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-11-07 16:21 114688 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--a------ 2005-04-29 13:56 45056 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2007-12-29 08:45 1607680 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 16:52 14384 C:\Program Files\Common Files\AOL\1134353379\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-06-29 13:33 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 2004-02-20 13:12 32768 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2007-12-29 07:45 432128 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2007-12-29 08:45 2234880 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-06-09 15:56 6746112 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-06-29 13:33 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 13:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-03-14 19:40 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-06-29 12:25 14720000 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
--a------ 2005-05-15 04:51 184320 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVTunerLib]
--a------ 2005-02-16 17:41 245760 C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
--a------ 2003-04-19 20:08 28672 C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander]
--a------ 2005-01-31 09:10 192512 C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

R2 ANISERVICE;Airgo Networks NIC Service;C:\WINDOWS\System32\aniServ.exe [2004-08-11 11:00]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 16:26]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 12:06]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 16:23]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a1a2044-69f8-11dc-a85e-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2516c516-13b4-11dc-a797-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c03e1fb-6f68-11dc-a86a-00038a000015}]
\Shell\AutoRun\command - F:\MigoSync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8580f1d4-5a55-11dc-a83a-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94f6785b-7bd0-11db-a64f-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 18:19:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-08-16 18:15:40 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-08-16 18:15:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 10:22:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 10:26:25
ComboFix2.txt 2008-01-04 00:02:04
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-04-2008, 12:25 PM   #16 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Quote:
different one was Qtask for Quicktime, which had a Cannot Find File and an Access Denied rather than the typical ones in it.
Please try this ...

Navigate to the folder - C:\Program Files\QuickTime\
Locate the file - qttask .exe
Right Click on the file & select 'Rename'
Type in QTTask.exe & press 'Enter'
Then double click on the renamed file. You should have a QuickTime logo in your taskbar notification area.


-----------


The battle is over but the casualty list is long. These are the files that were sacrificed along the way:

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

If you need to use any of those programs, you shall need to re-install the programs.


-----------


Please run this next step to clean up the orphaned entries left by the infection.

Open NOTEPAD.exe and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=-
"msnmsgr"=-
"WMPNSCFG"=-
"Yahoo! Pager"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"=-
"DSS"=-
"EmailScan"=-
"ISUSPM Startup"=-
"MaxtorOneTouch"=-
"OASClnt"=-
"OpwareSE2"=-
"RetroExpress"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
Save this as fix.reg Choose to "Save type as - All Files"
It should look like this:
Double click on fix.reg & allow it to merge into the registry

Let me know how that went
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-04-2008, 12:34 PM   #17 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Thank for all of this. However, QTTask is being a very mean one and is not wanting to be renamed. "Access is denied. The disk may write protected or the process is in use." or along the lines of that. It shouldn't be running because I can't find the process on the Task Manager, and it wouldn't even let me retain its original name. Something is blocking it very much I guess...


On the bright side, the fix.reg successfully merged with the Registry Editor, or so the message side. :D
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-04-2008, 12:48 PM   #18 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Only thing that will block it is your Security Programs.

Rather than waste time figuring out which one, please download & install Unlocker. After installation, usage is simple. Go right up to the file, right click it & select 'Unlocker'
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-04-2008, 01:03 PM   #19 (permalink)
Registered User
 
Starrodkirby86's Avatar
 
Join Date: Dec 2007
Location: In America! :D
Posts: 16
OS: Windows XP Home Edition Service Pack 2


Send a message via AIM to Starrodkirby86 Send a message via MSN to Starrodkirby86 Send a message via Yahoo to Starrodkirby86 Send a message via Skype™ to Starrodkirby86
Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
All right, on the case for the QTTask.exe, I renamed it via Unlocker. It said that there was no lock handler though. But I renamed it anyway. When I double clicked, it said that Windows cannot access it probably because I do not have the right permissions. I am the administrator though, it might be that it's one of those casualty things you mentioned and I can't access it and reinstall or a registry is dealing with it...:\
Starrodkirby86 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-04-2008, 01:06 PM   #20 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,444
OS: N/A


Re: Windows Explorer abruptly rises and closes (Log enclosed and etc.)
Please have unlocker delete the file. We can always get a new copy from QuickTime
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 12:19 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85