#1 (permalink)
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista
Completed 2/5 steps - please look over this and tell me what to do
Here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:14 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutq.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Owner\Desktop\vundofix.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7973] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5299] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\RunOnce: [SpybotDeletingB2782] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8803] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Global Startup: autorun .exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/def...x.1.0.0.87.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/def...GameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/def...s.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRD.../heartbeat.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/def...rsion=1,0,0,10
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/def...a.1.0.0.46.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7712 bytes

I completed two out of the five recommended steps, and now need help to get rid of whatever is plaguing my system. When running VundoFix, I have one recurring file that cannot be deleted; VundoFix will reboot, and the same pattern keeps appearing. Also, I have been prevented from opening Control Panel, and anything having to do with it, and I fear I will never be able to open it. Is there ANY way around this? I have already gone into the system32 folder, and am still unable to open it; it says access is denied, although I am on the Administrator account. win32.d(something, b or h) keeps appearing in Spybot; I will fix it, and it will reappear. How do I fix this?

I have used:
- Spyware Blaster
- Spybot S&D
- Ad-Aware 2007
- the previous version of the above program (2006?)
- VundoFix

I also uninstalled IE, as it was popping up with virus pages and had other errors.
#2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
Hello
I needed you to go all the way through the steps. We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop. What DSS will do:
Note: You must be logged onto an account with administrator privileges.
Please include the following in your next reply:
- main.txt
- an attached extra.txt
#3 (permalink)
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
Edit: Cannot use DSS unless I am out of Safe Mode, but is it safe to run it in Safe Mode? The viruses run if it is NOT in Safe Mode
Last edited by omgmizzle; 01-13-2008 at 10:21 PM.
#4 (permalink)
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
SmitFraudFix v2.274

Scan done at 21:26:45.37, Sun 01/13/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Helper\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DB88A7D-2C12-439D-82D0-BF804E740A17}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DB88A7D-2C12-439D-82D0-BF804E740A17}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0DB88A7D-2C12-439D-82D0-BF804E740A17}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

That is the SmitfraudFix log.
#6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
Please run dss.exe from Safe Mode. I'll still be able to see what I need. Do that now before I have to turn in for the night.
#8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
You're welcome. It should only take about 10 minutes to run.
#9 (permalink)
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-13 21:46:02 Computer is in Safe Mode with Networking. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Failed to create restore point; computer is in safe mode. -- Last 5 Restore Point(s) -- 89: 2008-01-13 05:22:41 UTC - RP407 - Software Distribution Service 3.0 88: 2008-01-12 20:02:49 UTC - RP406 - Software Distribution Service 3.0 87: 2008-01-12 05:13:50 UTC - RP405 - System Checkpoint 86: 2008-01-11 04:13:40 UTC - RP404 - System Checkpoint 85: 2008-01-10 01:23:11 UTC - RP403 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2008-01-09 06:53:22 UTC - RP319 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:47:01 PM, on 1/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutq.exe O2 - BHO: (no name) - {05AB4120-EC20-4DB3-821A-DD83F15C09BE} - C:\WINDOWS\system32\mljge.dll (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\hggfecb.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {9F8808B0-DAA4-41E3-BD77-EE166B7AA0D9} - C:\WINDOWS\system32\pmkhi.dll (file missing) O2 - BHO: (no name) - {E2FAB54B-08FC-4214-9F40-83CDB2B410D2} - C:\WINDOWS\system32\mllmk.dll (file missing) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 
Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Owner\Desktop\vundofix.exe" O4 - HKLM\..\RunOnce: [SpybotDeletingA7973] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC5299] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize O4 - HKCU\..\RunOnce: [SpybotDeletingB2782] command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD8803] cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old" O4 - Startup: findfast .exe O4 - Startup: findfast .exe O4 - Startup: findfast .exe O4 - Startup: findfast .exe O4 - Global Startup: autorun .exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/def...x.1.0.0.87.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/def...GameLoader.cab O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/def...s.1.0.0.39.cab O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/def...caploader1.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/def...jolauncher.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRD.../heartbeat.cab O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/def...rsion=1,0,0,10 O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab O16 
- DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/def...a.1.0.0.46.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 8332 bytes -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S3 AmdLLD (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: PCI Simple Communications Controller Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&2E26DDEC&0&08A4 Manufacturer: Name: PCI Simple Communications Controller PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&2E26DDEC&0&08A4 Service: -- Scheduled Tasks ------------------------------------------------------------- 2008-01-11 20:22:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-12-13 and 2008-01-13 ----------------------------- 2008-01-13 21:27:08 4022 --a------ C:\WINDOWS\system32\tmp.reg 2008-01-13 21:24:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft 2008-01-13 21:24:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-13 21:16:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-13 21:16:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2008-01-13 21:16:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-01-13 21:16:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-01-13 21:16:58 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-01-13 21:16:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-13 20:57:08 0 d-------- C:\Program Files\SpywareBlaster 2008-01-13 20:54:44 337920 --a------ 
C:\WINDOWS\system32\vtutq.exe 2008-01-13 20:54:40 20287 --ahs---- C:\WINDOWS\system32\qtutv.ini2 2008-01-13 20:54:35 334336 --a------ C:\WINDOWS\system32\vtutq.dll 2008-01-13 16:09:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2008-01-13 15:54:10 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2008-01-13 15:38:33 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-01-13 15:38:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-01-13 15:38:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-01-13 15:38:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-01-13 15:38:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-01-13 15:38:33 0 d-------- C:\Documents and Settings\Administrator\My Documents 2008-01-13 15:38:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-01-13 15:38:33 0 d-------- C:\Documents and Settings\Administrator\Favorites 2008-01-13 15:38:33 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-01-13 15:38:33 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2008-01-13 15:38:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-01-13 15:38:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-01-13 15:38:32 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-01-13 14:19:46 0 d-------- C:\Program Files\Trend Micro 2008-01-13 14:17:00 0 d-------- C:\VundoFix Backups 2008-01-11 23:04:52 66048 --a------ C:\WINDOWS\ieResetIcons.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer> 2008-01-11 12:41:26 0 d-------- C:\Documents and Settings\Owner\Application Data\EasySpywareCleaner.com 2008-01-11 12:40:51 19080 --a------ C:\WINDOWS\system32\ctfmona .exe 2008-01-11 03:31:45 0 d-------- C:\Program Files\EasySpywareCleaner 2008-01-11 03:07:51 18944 --a------ C:\WINDOWS\system32\wowfx.dll 2008-01-08 
18:44:25 0 --a------ C:\Install 2008-01-08 18:44:21 0 d-------- C:\Program Files\Outerinfo 2008-01-08 18:44:14 35328 -----n--- C:\WINDOWS\system32\hggfecb.dll 2007-12-19 17:31:44 118784 --a------ C:\WINDOWS\dsdxirmv.exe 2007-12-15 15:49:01 0 d-------- C:\Program Files\Cakewalk 2007-12-15 15:49:01 0 d-------- C:\Cakewalk Projects 2007-12-15 15:30:37 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor 2007-12-15 15:28:24 0 d-------- C:\Linksys Driver 2007-12-14 02:33:18 8388608 --a------ C:\Documents and Settings\Owner\ntuser.dat -- Find3M Report --------------------------------------------------------------- 2008-01-13 21:28:35 0 d-------- C:\Program Files\iTunes 2008-01-13 21:28:33 0 d-------- C:\Program Files\QuickTime 2008-01-13 21:00:43 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-01-13 15:51:26 0 d-------- C:\Program Files\Common Files 2008-01-13 15:49:55 0 d-------- C:\Program Files\Viewpoint 2008-01-13 15:48:28 0 d-------- C:\Program Files\Registry Cleaner Trial 2008-01-13 15:47:49 0 d-------- C:\Program Files\MySpace 2008-01-13 15:45:40 0 d-------- C:\Program Files\Yahoo! 2008-01-13 15:43:50 0 d-------- C:\Program Files\LimeWire 2008-01-13 15:41:58 0 d-------- C:\Program Files\Common Files\AOL 2008-01-13 13:52:07 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2 2008-01-09 16:50:47 0 d-------- C:\Program Files\Yahoo! 
Games
2007-12-28 13:01:32 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-27 16:54:11 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2007-12-23 17:07:24 0 d-------- C:\Program Files\Diablo II
2007-12-15 15:49:23 0 d--h----- C:\Program Files\InstallShield Installation Information

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05AB4120-EC20-4DB3-821A-DD83F15C09BE}]
C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
01/08/2008 06:44 PM 35328 --------- C:\WINDOWS\system32\hggfecb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F8808B0-DAA4-41E3-BD77-EE166B7AA0D9}]
C:\WINDOWS\system32\pmkhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2FAB54B-08FC-4214-9F40-83CDB2B410D2}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [08/03/2006 05:12 AM C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [01/13/2008 09:28 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [01/13/2008 09:28 PM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [01/13/2008 09:28 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [01/13/2008 09:28 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [01/13/2008 09:28 PM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [01/13/2008 09:28 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [01/13/2008 09:28 PM]
"zzzHPSETUP"="D:\Setup.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [01/13/2008 09:28 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/13/2008 09:28 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/13/2008 09:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/13/2008 09:28 PM]
"lsass"="C:\WINDOWS\lsass .exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [01/13/2008 09:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/13/2008 09:28 PM]
"Registry Cleaner"="C:\Program Files\Registry Cleaner Trial\Regclean.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB2782"=command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
"SpybotDeletingD8803"=cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"AOLRebootNeeded"=regsvr32.exe /s
"VundoFix"="C:\Documents and Settings\Owner\Desktop\vundofix.exe"
"SpybotDeletingA7973"=command /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"
"SpybotDeletingC5299"=cmd /c del "C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old"

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
findfast .exe [1/13/2008 9:28:23 PM]
findfast .exe [1/13/2008 9:28:24 PM]
findfast .exe [1/13/2008 9:28:24 PM]
findfast .exe [1/13/2008 9:28:24 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
autorun .exe [1/12/2008 10:35:29 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/11/2005 11:49:24 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [7/23/2007 8:22:05 PM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2/1/2007 7:38:18 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\hggfecb.dll [01/08/2008 06:44 PM 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutq

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , xlibgfl254.dll, , , wowfx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32f8ce28-469c-11dc-bbbf-0013d3b1bb15}]
AutoRun\command- J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a92e7e-5d4e-11dc-bbeb-0013d3b1bb15}]
AutoRun\command- I:\LaunchU3.exe -a

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD

-- End of Deckard's System Scanner: finished at 2008-01-13 21:47:30 ------------

this is main.txt

#10
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista

Re: Completed 2/5 steps - please look over this and tell me what to do
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3200+

Percentage of Memory in Use: 28%
Physical Memory (total/avail): 894.48 MiB / 639.07 MiB
Pagefile Memory (total/avail): 2167.86 MiB / 1957.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.97 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 102.35 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\pedro\\Application Data\\printer.exe"="C:\\Documents and Settings\\pedro\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\pedro\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\pedro\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\pedro\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\pedro\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\pedro\\Application Data\\trant.exe"="C:\\Documents and Settings\\pedro\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Michelle\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Michelle\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Michelle\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Michelle\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Owner\\Application Data\\trant.exe"="C:\\Documents and Settings\\Owner\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell .exe"="C:\\WINDOWS\\shell .exe:*:Enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win21.exe"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win21.exe:*:Enabled:win21"
"C:\\Documents and Settings\\pedro\\Application Data\\printer.exe"="C:\\Documents and Settings\\pedro\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\pedro\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\pedro\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\pedro\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\pedro\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\pedro\\Application Data\\trant.exe"="C:\\Documents and Settings\\pedro\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Michelle\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Michelle\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Michelle\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Michelle\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Owner\\Application Data\\trant.exe"="C:\\Documents and Settings\\Owner\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell .exe"="C:\\WINDOWS\\shell .exe:*:Enabled:@xpsp2res.dll,-22019"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
audesktop=C:\DOCUME~1\ALLUSE~1\Desktop
aufavorites=C:\DOCUME~1\ALLUSE~1\FAVORI~1
austartm=C:\DOCUME~1\ALLUSE~1\STARTM~1
austartprg=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs
austartup=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
CancelDNS=Configuration canceled. Check your network settings.
ChoixMenu=2
ChoixRegistre=y
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CleanDNS=Do you want to set your network to dynamic -DHCP- Server ?
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-B50C1B1968
ComSpec=C:\WINDOWS\system32\cmd.exe
CurDir=C:\Program Files\Mozilla Firefox\SmitfraudFix
desktop=C:\DOCUME~1\Owner\Desktop
DNSHJ=Your computer may be victim of a DNS Hijack
DoReboot=0
DoRestart=0
favorites=C:\DOCUME~1\Owner\FAVORI~1
fixname=SmitFraudFix
fixvers=v2.274
FP_NO_HOST_CHECK=NO
FSType=NTFS
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
huy32Mess=huy32 detected, use a Rootkit scanner
KDMess=detected !
lang=int
LOGONSERVER=\\YOUR-B50C1B1968
lzx32Mess=lzx32 detected, use a Rootkit scanner
msguardMess=msguard detected, use a Rootkit scanner
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
pe386Mess=pe386 detected, use a Rootkit scanner
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RKScan=use a Rootkit scanner
SAFEBOOT_OPTION=NETWORK
SafeMDisp=Fix run in safe mode
SafeMWarn=Fix run in normal mode
sChoice=Enter your choice
sDel=Deleted
sEnd=End
sError=Problem while deleting
SESSIONNAME=Console
sFound=FOUND !
sFoundLSP=Detected, use LSPFix.exe to delete !
sFSType=The filesystem type is
sfxname=C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe
sHOSTS=hosts file corrupted !
sInfect=infected !
sInfect2=infected !
sNotFound=not found
sProcess=Killing process
sRegClean=Registry Cleaning
sRegCleanQ=Do you want to clean the registry ? (y/n)
sRen=Please, Reboot and Run SmitfraudFix option 2 once again.
sRunFrom=Run from
sScanDate=Scan done at
sSearch=Scanning
startm=C:\DOCUME~1\Owner\STARTM~1
startprg=C:\DOCUME~1\Owner\STARTM~1\Programs
startup=C:\DOCUME~1\Owner\STARTM~1\Programs\Startup
sTempFolder=Deleting Temp Files
sTrustBackUp=Saving BackUp
sTrustDone=Trusted Zone deleted.
sTrustError=*** Error : zone.reg not found ***
sTrustQ=Restore Trusted Zone ? (y/n)
sWininetQ=Replace infected file ? (y/n)
sWiniSearch=Scanning for wininet.dll backup
syspath=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-B50C1B1968
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
Version=Microsoft Windows XP [Version 5.1.2600]
windir=C:\WINDOWS
xpdtMess=xpdt detected, use a Rootkit scanner
xpdxMess=xpdx detected, use a Rootkit scanner

-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)
Guest (guest)

-- Add/Remove Programs ---------------------------------------------------------

 --> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
 --> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Catalyst Control Center --> MsiExec.exe /I{6E06A57A-6728-4CFB-AA9A-5149F9C9ADB3}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Cakewalk Music Creator 2003 --> C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CEP - Color Enable Package --> "C:\PROGRA~1\EAGAME~1\zCEP_Uninstaller\unins000.exe"
Command & Conquer Red Alert 2 --> C:\Westwood\RA2\Uninstll.EXE
Command && Conquer Red Alert 2 - Yuri's Revenge --> C:\Westwood\RA2\Uninstll.EXE
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Scanjet 4370 --> C:\Program Files\HP\Digital Imaging\{2766C573-EFD3-4f15-83A5-2788B48994F0}\setup\hpzscr01.exe -datfile hpgscr07.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
OpenOffice.org 2.1 --> MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
Pdf995 --> C:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe - uninstall
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
QuickBooks Premier: Nonprofit Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b27-78c7-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b27-78c7-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sim File Maid 2 1.0.2 --> C:\Program Files\Sim File Maid 2\uninst.exe
Sims2Pack Clean Installer --> C:\Program Files\Sims2Pack Clean Installer\uninstall.exe
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
TaxCut Premium 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims™ 2 Seasons --> C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Virtual Sound Canvas DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type1739 / Error
Event Submitted/Written: 01/13/2008 09:47:11 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type1738 / Warning
Event Submitted/Written: 01/13/2008 08:57:14 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type1737 / Warning
Event Submitted/Written: 01/13/2008 08:57:14 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90120000-0011-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles' failed during request for component '{22056900-C842-11D1-A0DD-00A0C9054277}'

Event Record #/Type1736 / Warning
Event Submitted/Written: 01/13/2008 08:57:14 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90120000-0011-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles', component '{82ECD641-A343-4D45-B2DD-34E0961B7622}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{62CEC9E0-3811-4C36-A94E-4F7565DCD23F}\Compatibility Flags' does not exist.

Event Record #/Type1735 / Error
Event Submitted/Written: 01/13/2008 08:52:26 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 00733296. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type20991 / Error
Event Submitted/Written: 01/13/2008 08:57:14 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Event Record #/Type20987 / Error
Event Submitted/Written: 01/13/2008 08:49:11 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load: eeCtrl Fips Processor

Event Record #/Type20986 / Error
Event Submitted/Written: 01/13/2008 08:48:15 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type20982 / Error
Event Submitted/Written: 01/13/2008 08:46:09 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type20981 / Error
Event Submitted/Written: 01/13/2008 06:22:34 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

-- End of Deckard's System Scanner: finished at 2008-01-13 21:47:30 ------------

this is extra.txt

#11
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista

Re: Completed 2/5 steps - please look over this and tell me what to do
Excellent. Thank you.
You have a variant of Vundo that has worked its way to legit programs. This will require more than one round to properly eradicate, so please stay with me posting the requested logs, until given the 'all clear'--even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
1. Disconnect from the internet.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

#12
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista

Re: Completed 2/5 steps - please look over this and tell me what to do
I did exactly as said, closed all programs and scanned with Combofix. However, it went back to the blank background screen and nothing happened for 5 minutes, so I turned the computer off. The clock has now been changed to 22:29 (English format, although I'm in America) and we cannot edit that. This was not as it was before turning the computer off.

HELP.

#13
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista

Re: Completed 2/5 steps - please look over this and tell me what to do
Also, ComboFix was already open when I started and said:
Preparing Log Report. Do not run any programs until ComboFix has finished
The system cannot find the path specified.

#14
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista

Re: Completed 2/5 steps - please look over this and tell me what to do
The clock setting is 'stuck' as such because you shut down the computer while ComboFix was still running.

The tool has a lot to do on your system. Please be patient and allow it to do its job. Yes, the desktop will go blank, once or twice, during the course of the run. It's nothing to worry about, and it will return.

Run ComboFix.exe again, this time from Safe Mode.

Post the ComboFix.txt here.

(Once ComboFix has completed a successful run, the clock setting will return to normal.)

#15
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista

Re: Completed 2/5 steps - please look over this and tell me what to do
ComboFix 08-01-14.3 - Owner 2008-01-13 13:48:10.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.637 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Previous Run -------
.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast .exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\findfast .exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OuterinfoUpdate.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Registry Cleaner Trial\Regclean .exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\temp\17o7
C:\temp\17o7\tmpTF.log
C:\temp\tn3
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png C:\WINDOWS\Downloaded Program 
Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml C:\WINDOWS\Downloaded 
Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png C:\WINDOWS\Downloaded Program 
Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png 
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg 
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua C:\WINDOWS\Downloaded Program 
Files\TriJinx.1.0.0.67\screens\leveldesign.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe C:\WINDOWS\system32\ctfmon.exe.tmp C:\WINDOWS\system32\hggfecb.dll C:\WINDOWS\system32\mnnmp.ini C:\WINDOWS\system32\mnnmp.ini2 C:\WINDOWS\system32\pmnnm.dll C:\WINDOWS\system32\pmnnm.exe C:\WINDOWS\system32\qtutv.ini C:\WINDOWS\system32\qtutv.ini2 C:\WINDOWS\system32\RCX3A.tmp C:\WINDOWS\system32\vtutq.dll C:\WINDOWS\system32\vtutq.exe C:\WINDOWS\system32\wowfx.dll Code:
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe ---> apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---> Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart .exe ---> CLIStart.exe
C:\Program Files\Brother\Brmfl04a\BrStDvPt .exe ---> BrStDvPt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen .exe ---> brctrcen.exe
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe ---> SSBkgdupdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe ---> HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper .exe ---> iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> QooBox
C:\Program Files\QuickTime\qttask .exe ---> qttask.exe
C:\Program Files\QuickTime\qttask .exe ---> qttask.exe
C:\Program Files\Registry Cleaner Trial\Regclean .exe ---> Regclean.exe
C:\Program Files\Registry Cleaner Trial\Regclean .exe ---> Regclean.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch .exe ---> IndexSearch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe ---> pptd40nt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe ---> TeaTimer.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-13 22:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 21:27 . 2008-01-13 21:27 4,022 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-13 21:24 . 2008-01-13 21:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-13 21:24 . 2008-01-13 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 21:24 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-13 21:16 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-13 21:16 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-13 21:16 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-13 21:16 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-13 21:16 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-13 21:16 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-13 21:02 . 2008-01-13 21:02 <DIR> d-------- C:\Deckard
2008-01-13 20:57 . 2008-01-13 20:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-13 20:57 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-13 14:19 . 2008-01-13 14:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 14:17 . 2008-01-13 16:35 <DIR> d-------- C:\VundoFix Backups
2008-01-11 23:06 . 2008-01-11 23:06 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-11 23:04 . 2006-11-07 21:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-01-11 12:41 . 2008-01-11 12:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\EasySpywareCleaner.com
2008-01-11 12:40 . 2008-01-11 12:40 19,080 --a------ C:\WINDOWS\system32\ctfmona .exe
2008-01-11 03:31 . 2008-01-11 23:02 <DIR> d-------- C:\Program Files\EasySpywareCleaner
2008-01-08 22:53 . 2008-01-12 22:34 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-08 18:44 . 2008-01-08 18:44 24,576 --------- C:\WINDOWS\system32\winzoa32.dll_tobedeleted_old
2008-01-08 18:44 . 2008-01-08 18:44 0 --a------ C:\Install
2007-12-24 09:52 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-24 09:52 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-22 15:04 . 2007-12-28 21:44 520 --a------ C:\WINDOWS\netdet.ini
2007-12-19 17:31 . 2007-12-19 17:31 118,784 --a------ C:\WINDOWS\dsdxirmv.exe
2007-12-15 15:49 . 2007-12-19 17:31 <DIR> d-------- C:\Program Files\Cakewalk
2007-12-15 15:49 . 2007-12-19 17:32 <DIR> d-------- C:\Cakewalk Projects
2007-12-15 15:30 . 2007-12-16 18:32 <DIR> d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2007-12-15 15:28 . 2007-12-15 15:28 <DIR> d-------- C:\Linksys Driver
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 06:22 --------- d-----w C:\Program Files\Registry Cleaner Trial
2008-01-14 06:22 --------- d-----w C:\Program Files\QuickTime
2008-01-14 06:22 --------- d-----w C:\Program Files\iTunes
2008-01-13 23:49 --------- d-----w C:\Program Files\Viewpoint
2008-01-13 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-13 23:47 --------- d-----w C:\Program Files\MySpace
2008-01-13 23:45 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 23:43 --------- d-----w C:\Program Files\LimeWire
2008-01-13 23:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-13 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-13 21:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-01-10 00:50 --------- d-----w C:\Program Files\Yahoo! Games
2007-12-28 21:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-28 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2007-12-24 01:07 --------- d-----w C:\Program Files\Diablo II
2007-12-15 23:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-01 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv(2).dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-02 20:17 2,273,106 -c--a-w C:\Program Files\SFM2Install.exe
2007-08-08 02:17 17 -c--a-w C:\Program Files\Sims2Pack Clean Installer.ini
2005-05-12 06:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.
----a-w 9,728 2008-01-13 06:35:29 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun .exe
----a-w 15,360 2008-01-13 06:34:56 C:\WINDOWS\system32\ctfmon .exe
----a-w 19,080 2008-01-11 20:40:51 C:\WINDOWS\system32\ctfmona .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05AB4120-EC20-4DB3-821A-DD83F15C09BE}]
C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F8808B0-DAA4-41E3-BD77-EE166B7AA0D9}]
C:\WINDOWS\system32\pmkhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2FAB54B-08FC-4214-9F40-83CDB2B410D2}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-13 10:12 1415824]
"Registry Cleaner"="C:\Program Files\Registry Cleaner Trial\Regclean.exe" [2008-01-13 10:12 4771840]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2782"="command /c del C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old" [ ]
"SpybotDeletingD8803"="cmd /c del C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2008-01-13 10:12 90112]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2008-01-13 10:12 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-01-13 10:12 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-01-13 10:12 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2008-01-13 10:12 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2008-01-13 10:12 851968]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-13 10:12 57344]
"zzzHPSETUP"="D:\Setup.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-13 10:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-13 10:12 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-13 10:12 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-13 10:12 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AOLRebootNeeded"="regsvr32.exe" [2004-08-04 11:00 11776 C:\WINDOWS\system32\regsvr32.exe]
"VundoFix"="C:\Documents and Settings\Owner\Desktop\vundofix.exe" [2008-01-13 14:16 132608]
"SpybotDeletingA7973"="command /c del C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old" [ ]
"SpybotDeletingC5299"="cmd /c del C:\Documents and Settings\Owner\Local Settings\Temp\gos1E.tmp_tobedeleted_old" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
autorun .exe [2008-01-12 22:35:29]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-07-23 20:22:05]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-02-01 07:38:18]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , ,

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-13 10:12 267048 C:\Program Files\iTunes\iTunesHelper.exe

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32f8ce28-469c-11dc-bbbf-0013d3b1bb15}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a92e7e-5d4e-11dc-bbeb-0013d3b1bb15}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 04:22:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 13:49:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-14 13:50:15
ComboFix-quarantined-files.txt 2008-01-14 21:50:07
.
2008-01-13 05:23:36 --- E O F ---

The clock has not returned to its original state, yet I let ComboFix run. I don't think this is much of a problem, rather an annoyance. Let me know about everything else quickly; I need to get to bed. THANK YOU for all the help! I will wait for your reply.
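The ComboFix log above has several autostart patterns a log reviewer looks for first: file names with a space before the extension (ctfmon .exe, qttask .exe), Browser Helper Objects that load a system32 DLL with a short random-looking name (mljge.dll, pmkhi.dll, mllmk.dll), DLLs paired with an .ini whose name is the reverse of the DLL stem (pmnnm.dll / mnnmp.ini, vtutq.dll / qtutv.ini), Run values whose file ComboFix could not find ([ ]), and mountpoints2 AutoRun commands. The script below is an added example written for this thread; it is not part of ComboFix, HijackThis or the forum's fix. It reads a log excerpt and emits a triage list for those patterns. The rule names, the vowel-ratio threshold for "random-looking", and the sample excerpt (lines copied from the log above and trimmed) are my own assumptions; the output is something for a human to check, not a verdict.

```python
"""Heuristic triage of the file and 'Reg Loading Points' sections of a ComboFix log.

Added example for this thread, not part of ComboFix or HijackThis. Every rule
is a heuristic meant to direct a reviewer's eye, not a malware signature.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule path detail")

# A drive-letter path ending in a file extension, terminated by a quote,
# bracket, whitespace or end of line. Spaces inside the path are allowed so
# that both "Program Files" and "qttask .exe" survive.
WIN_PATH = re.compile(
    r'[A-Za-z]:\\[^"\[\]\r\n]*?\.(?:exe|dll|sys|ini|lnk|job)(?=["\s\]]|$)',
    re.IGNORECASE,
)
# "Name"="C:\path\file.exe" [ ]   (ComboFix prints [ ] when it cannot stat the file)
DANGLING_RUN = re.compile(r'^"[^"]+"="([^"]+)" \[ \]\s*$')
# mountpoints2 entries: what Explorer runs when that drive is inserted.
AUTORUN_CMD = re.compile(r"\\Shell\\AutoRun\\command - (.+)$")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def spaced_extension(name):
    """True for 'ctfmon .exe': the space makes a look-alike of the real file."""
    return re.search(r"\S \.[A-Za-z0-9]{2,4}$", name) is not None


def looks_random(name, max_vowel_ratio=0.2):
    """Five to eight letters with almost no vowels, e.g. 'mljge.dll'.

    Assumed threshold. Apply only to BHO targets: on Run entries it would
    also flag legitimate names such as ctfmon.exe.
    """
    stem = name.rsplit(".", 1)[0].lower()
    if not stem.isalpha() or not 5 <= len(stem) <= 8:
        return False
    vowels = sum(c in "aeiouy" for c in stem)
    return vowels / len(stem) <= max_vowel_ratio


def reversed_name_pairs(names):
    """DLLs whose stem is the reverse of an .ini/.ini2 stem (pmnnm.dll / mnnmp.ini)."""
    ini = {}
    for n in names:
        m = re.match(r"(.+)\.ini2?$", n, re.IGNORECASE)
        if m:
            ini[m.group(1).lower()] = n
    pairs = []
    for n in names:
        if n.lower().endswith(".dll"):
            stem = n[:-4].lower()
            if stem[::-1] in ini:
                pairs.append((n, ini[stem[::-1]]))
    return pairs


def triage(log_text):
    """Return a Finding for every line of the excerpt that trips a rule."""
    findings, names_seen = [], []
    bho_pending = False  # BHO key seen; its target DLL is on the next line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        paths = [m.group(0) for m in WIN_PATH.finditer(line)]
        names_seen.extend(basename(p) for p in paths)

        target = None
        if "Browser Helper Objects\\{" in line:
            bho_pending = not paths          # flattened logs put the DLL on the same line
            target = paths[0] if paths else None
        elif bho_pending and paths:
            bho_pending, target = False, paths[0]
        if target and looks_random(basename(target)):
            findings.append(Finding("bho-random-name", target, "BHO loads a DLL with a random-looking name"))

        m = DANGLING_RUN.match(line)
        if m:
            findings.append(Finding("run-missing-file", m.group(1), "Run value points at a file ComboFix could not find"))
        for p in paths:
            if spaced_extension(basename(p)):
                findings.append(Finding("space-before-extension", p, "file name has a space before its extension"))
        m = AUTORUN_CMD.search(line)
        if m:
            findings.append(Finding("removable-autorun", m.group(1).strip(), "AutoRun command registered for a removable drive"))

    for dll, ini in reversed_name_pairs(names_seen):
        findings.append(Finding("reversed-name-pair", dll, "paired with " + ini))
    return findings


# Constructed excerpt: lines copied from the log in this thread, trimmed.
SAMPLE = r"""
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\vtutq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05AB4120-EC20-4DB3-821A-DD83F15C09BE}]
C:\WINDOWS\system32\mljge.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F8808B0-DAA4-41E3-BD77-EE166B7AA0D9}]
C:\WINDOWS\system32\pmkhi.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-13 10:12 1415824]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun .exe [2008-01-12 22:35:29]
----a-w 15,360 2008-01-13 06:34:56 C:\WINDOWS\system32\ctfmon .exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32f8ce28-469c-11dc-bbbf-0013d3b1bb15}]
\Shell\AutoRun\command - J:\LaunchU3.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:24} {f.path}  ({f.detail})")
```

Run it against a full log by passing the file contents to triage(). The vowel-ratio rule is deliberately confined to BHO targets; the "missing file" rule is only a hint (a Run value for a program that was already uninstalled also shows [ ]), and the mountpoints2 rule flags every removable-drive AutoRun so the reviewer can decide whether J:\LaunchU3.exe is the expected U3 launcher.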
#16 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
Also, please let the Spybot forum know that you are already being assisted here. All the forums are swamped with users needing help, and there are only so many of us qualified to assist.
Let's not waste the Analysts'/Helpers' time. You have 2 threads there that need to be closed: http://forums.spybot.info/showthread.php?p=153668 http://forums.spybot.info/showthread.php?p=153719
#17 (permalink)
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista
Okay, I told Spybot, as I totally forgot about them (I was on the upstairs computer and am now on the affected, downstairs computer). Thank you!
What is the next step? My clock has not returned to normal, but I am not able to use Control Panel! We have kicked some of the virus away, as even in Safe Mode I was not able to use Control Panel on our account! Thank you, thank you, thank you, a million times thank you.
#18 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,591
OS: WinXP and Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
Quote:
#19 (permalink)
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
I also thought this is relevant: I have a security add-on in Mozilla Firefox that shows me the security level of my computer and of the page I am on. Currently it shows as elevated (because of the virus problems). This is what the site says:

ThreatCon Level is 2

The ThreatCon is currently at Level 2 in response to the disclosure of a critical remote vulnerability affecting the default configurations of Windows XP and Windows Vista. Nondefault configurations of Windows 2003 are also affected. Microsoft has released a patch for this issue in the MS08-001 Security Bulletin today. The MS08-001 bulletin also addresses a remote kernel-based denial-of-service issue affecting nondefault configurations of Windows 2000, XP, and 2003. IBM Internet Security Systems, the team that discovered these kernel-based flaws, has recently released an official advisory suggesting that the ICMP-based flaw, which Microsoft has considered a low-severity, denial-of-service issue, may in fact be exploitable to execute code. However, we have not confirmed this. Windows 2000 users who are not affected by the critical vulnerability may want to reevaluate their stance on patching the lower-severity issue in light of this new information.

Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities (http://iss.net/threats/282.html)

The MS08-002 bulletin was also released to address a local privilege-escalation vulnerability affecting LSASS. Users are advised to review the Microsoft Security Bulletins and to apply the patches as soon as possible. For more information, see the following:
MS08-001 (http://www.microsoft.com/technet/sec.../MS08-001.mspx)
MS08-002 (http://www.microsoft.com/technet/sec.../MS08-002.mspx)

---

This may or may not be at all relevant to what we're doing.
#20 (permalink)
Registered User
Join Date: Jan 2008
Posts: 71
OS: Windows Vista
Re: Completed 2/5 steps - please look over this and tell me what to do
Quote: